
tv   Inside Story  Al Jazeera  April 6, 2021 3:30am-4:01am +03

3:30 am
dogon al-jazeera manila. north korea has become the 1st country to officially withdraw from the tokyo olympics its sports ministry says the decision's been made to protect its athletes from covid-19 and in another blow to games organizers osaka has asked for its leg of the torch relay to be cancelled because of a spike in cases 10,000 runners take part in the relay and it's seen as the 1st major test of tokyo's ability to hold the event in july under strict restrictions. hello again i'm folly bah thibault with the headlines on al-jazeera a u.s. police chief has testified against one of his former officers who is accused of murdering george floyd on day 6 of the trial medaria arradondo told the jury in minneapolis that derek chauvin broke rules on respecting the sanctity of life and acted in a way that was against
3:31 am
a police training once there was no longer any resistance and clearly when mr floyd was no longer responsive and even motionless to continue to apply that level of force to a person proned out handcuffed behind their back. that in no way shape or form is anything that. is by policy it is not her training it is certainly not part of explorer about. jordan's royal court says prince hamzah bin hussein has signed a letter pledging his allegiance to the king the government has accused the former crown prince of trying to destabilize the country israel's prime minister says prosecutors in his corruption trial are attempting a coup the trial has resumed on monday with prosecutors accusing benjamin netanyahu of trading in favors
3:32 am
while in office netanyahu denies charges of bribery breach of trust and fraud high level talks about reviving the 2015 iran nuclear deal will begin in austria in a few hours representatives from the u.s. china germany russia the u.k. france and iran are gathering in vienna u.s. and iranian officials are not planning to meet directly russian opposition leader alexei navalny has reportedly been moved to a medical facility to be treated for a possible respiratory illness navalny will be tested for covid-19 after posting online that he has a high temperature and a bad cough more than 1800 inmates have escaped from a prison in southern nigeria after the facility was attacked by an armed group president buhari is describing it as an act of terrorism. those are the headlines i have more news for you on al-jazeera stay with us.
3:33 am
it's seen as a golden opportunity for hackers and cyber criminals the personal data of more than half a billion facebook users shared online so who is responsible for the security breach and how can users be protected this is inside story. hello and welcome to the program. it may seem safe enough to post your phone number and date of birth on social media but that information could end up being shared all over the web that's what happened to more than half
3:34 am
a billion facebook users their personal details were posted online on a website for hackers according to the business insider publication the security breach affects people from 106 countries including the u.s. u.k. and india cyber security experts are worried the accounts are subject to identity theft and could be used for fraud and cyber crimes facebook says the data was collected in 2019 it's not the 1st time facebook has been breached and users' data exposed online a technical glitch in 2008 revealed confidential birthdates of 80 million facebook users in 2013 a software flaw exposed phone numbers and e-mail addresses of 6 million users in 2018 profile details from 87 million users were improperly accessed by political data firm cambridge analytica. facebook's messaging platform whatsapp had a security breach in 2019 that allowed hackers to install spyware on phones via the app's phone call function and last year its social media accounts were temporarily
3:35 am
taken over by a group of hackers who said it was an attempt to show cyber vulnerabilities let's have a look at how big a problem the hacking business is a clark school study at the university of maryland says there's a hacker attack every 39 seconds identity theft spiked during the coronavirus pandemic with 1.4 million reports of such incidents in the u.s. alone last year google has registered more than 2 million phishing sites as of january 17th this year it's estimated by 2025 cybercrime will cost the world more than $10 trillion a year and by 2027 it's forecast the cyber security market will be worth more than $400 billion. all right let's bring in our guests in washington d.c. jodi westby is chief executive of global cyber risk technology an advisory services firm joining us from maastricht catalina goanta is assistant professor in private law at maastricht university and co-manager of the maastricht law and tech lab and in berlin caroline sinders visiting researcher
3:36 am
at weizenbaum institute and fellow at harvard kennedy school jodi let me start with you today facebook has said in a statement that this is old data that was previously reported on in 2019 they also said that they had found and fixed this issue in august of 2019 but whether or not this issue was fixed by facebook the user data is still out there right. well it's not only out there it's a lot of it is valid it's sort of valid no matter how old they are some of the personal particulars that were included in this data you know e-mails and phone numbers and birthdays and other personal affiliations that is still valid data certainly birth dates are and emails and cell phone numbers especially are very valuable so for them to just dismiss this and say oh it's old data we fixed this 2 years ago just completely
3:37 am
shows disrespect for all those 500 million users whose personal identification is now out there catalina what's the liability of companies like facebook and other tech giants when it comes to their cyber security standards and when are data breaches and hacks a sign of negligence. that's a great question so from a data protection perspective also according to the g.d.p.r. companies 1st and foremost are going to have an obligation to notify not only the data protection authorities but also the users when they identify that there has been a very considerable harm brought to the users because of these data breaches for instance in the netherlands the fine of not notifying the data protection authority can go up to what 850000 euros that is something that is at least straightforward on the other hand what you are asking about standards that are a political or from the perspective of cyber security that's
3:38 am
a little bit less clear because from a legal perspective we need to look into contractual liability into tort liability and that is really going to depend on the jurisdiction and perhaps what we could say is that if there is going to be a harm brought to the ball or a bill user because they're going to get scammed due to the fact that as jodi mentioned their e-mail address and their phone number is out there on the internet perhaps there can be a tort liability because of this situation or as i said a contractual liability caroline how does this incident differ from other incidents in the past and how significant is it that this data is now on a hacking website how much more accessible is it. i would say it's extremely accessible and as troy hunt who runs have i been pwned which is a great website for people to check if their passwords or emails have been our
3:39 am
private data breach and he noted on twitter that the data set of this person information has been shared many times and it's been now replicated on different websites so at this point it's really out in the public if one website is taken down you know the data set itself is now replicated and stored in other places so what it is it's now a large data set in access of people's personal information that really many people can access and use for a variety of nefarious ways i guess in terms of how it differs it's a lot of it is the size for example and we have to ask about the steps facebook has taken to notify notify the users and also the amount and the different kinds of data that's been shared so it's not just phone numbers it is things like email and things like potentially people's addresses their real names etc so it's a lot of data it's not just for example a password or an e-mail address but a lot more personal and as jodi has said you know valid information about an individual catalina i saw you nodding to
3:40 am
a lot of what caroline was saying is there's a let me ask you to expand on some of what she was saying 1st of all let me see if you have a reaction to what she was saying but secondly i want to ask you i mean what do we know as far as what facebook has done what steps they've taken to notify people whose data has been breached. so i was just in agreement with everything that caroline mentioned because the thing is that as you were also saying earlier facebook says this is old data so this is why we're not going to take any kind of measures but i think what we need to do is take a step back and ask ourselves indeed is this data actually the result of the exploitation of a security vulnerability or is it even worse than that because at least when we're speaking about a vulnerability that it can be a very sophisticated and maybe jodi has more information about that but if this is a very sophisticated cyber security standard that's one thing but facebook has been using its graph a.p.i. to give access to a lot of 3rd parties
3:41 am
a lot of developers to the type of data that caroline was mentioning so that is also very likely that this type of data set is just an aggregated data set based on web scraping and also based on the use of the graph a.p.i. and that's where the liability for a sports facebook could be even multiplied because it happened that in 2018 i believe the information commissioner's office of the united kingdom actually fined facebook 500000 pounds because of the data sharing practices that led to the cambridge analytica incident and so did the italian competition authority on a different ground on the ground that facebook has been misleading its consumers with respect to the kind of data sharing standards that it's actually disclosing to the consumers so it's saying one thing but it's doing a completely different thing jodi it seems like every few months we hear about another big hack or data breach whether we're talking about users of social media platforms and their information or whether we're talking about cyber warfare that
3:42 am
are affecting entire countries and governments from your perspective are people paying enough attention are people alarmed by what's going on or as alarmed as they should be. you know it's interesting i think people are alarmed and i'd like to step back just a 2nd though to the cause that thread that you were just on because we have to remember that facebook is under an order from our federal trade commission who fined facebook $5 billion for the cambridge analytica problems and breaching its can it's consent order and so it is under an order to have security at bull's security program and so it you know it it it it does have a legal obligation and. they were notified i think in january
3:43 am
that they were birthdates were able to be seen on users and so when we go forward and look at this we can say well you know that they had notice yes mistakes can happen there isn't a silver bullet through security but they are notorious for not having good privacy for not having good governance practices and for violating their own requirements and the f.t.c. consent order so i think all of that has to be considered caroline how much are hackers changing their techniques as security advances and how easy a target are social media sites and feeds. well i'm not really sure if i'm the best person to necessarily answer that but one thing i will say is you know actors are often looking for any and all kinds of vulnerabilities be it you know white hat hackers or black hat ones you know with with the creation of bug bounties trying to actually find vulnerabilities in terms of fix them that's pretty
3:44 am
normal but i think it's important to remember and actually point out the amount of personal data that those will social media platforms collect on people and the amount of data they actually request so for example with facebook facebook was repeatedly requesting people's phone numbers in terms of things like 2 factor authentication so another way for a user to try to add a little more security to their account and then as vice had pointed out those phone numbers ended up being used or were targeted at so i think it's incredibly important to point out that there's a lot of information people place into social media and then are also given in terms to verify their accounts except for us and that kind of personal information is are things when leaked again as jodi has pointed out calling it valid information it's information that frankly is incredibly difficult for a user to change or augment it it's different you know slightly easier to change
3:45 am
a password but how do you change your birthdate for example or your social security number or your address or your phone number those things are much more stickier and harder and personal people actually need that kind of information to function right in any different as a society that or a city that they're existing and so you know we have to also look at how platforms in general big tech companies are requesting information how they're storing it why they're requesting it and also what they're using it for and facebook is you know when we can we can point out many different different examples of of facebook misusing the data that they access even on. catalina are breaches of this magnitude being reported to data protection authorities and which of the data protection authorities are the ones that would take measures to win to try and ensure this doesn't happen again. so when it comes to data protection authorities in principle if you look at also the data that was reported to have been leaked in
3:46 am
the past days you can see that there is a plethora of countries and jurisdictions that have victims or that have users on their territories who have been affected by this leak now in principle facebook should be reporting this type of situation to all of these data protection authorities wherever they exist however the problem is also that these authorities are very often completely overburdened with the type of harms that happen on digital markets and although there is a legal framework for the reporting and there is a legal framework for even the cooperation between different data protection authorities so for instance the g.d.p.r. even has a chapter a full chapter on that how different national data protection authorities can. and can exchange information so that they can have joint investigations that at the end of the day and it just boils down to the kind of resources that these agencies have and and this is what happens in practice is that
3:47 am
a lot of these data protection authorities simply are not going to take that many measures depending on the jurisdiction and this leaves the citizens and and the consumers completely vulnerable and this is why i would like to also mention that citizens can even take another type. of path to protect themselves and that is collective actions and we're going to see more of that in the european union as of 2023 when a new directive is going to come into force jodi what do you think will there be more collective actions taken in the u.s. . oh yes there will be a class action lawsuit and depending on whether this has an impact on facebook you know they are already have had shareholder derivative suits filed against their board and securities class action suits and so it'll be interesting to see whether another round based on this incident gets gets started but the plaintiff's bar is
3:48 am
definitely awake and very alert to these types of incidents caroline is is facebook and her other you know media companies doing enough to allay the fears of users right now i would say probably not if facebook's reaction to for example this this leak in particular is to say that this information is old and not necessarily highlight or take take ownership over how much data has been leaked and no that's not enough right and you know we see a variety of different kinds of harms coming out platforms from. you know how networks islands and harassment to proliferate on platforms from spaces where we see conspiracy theories sort of launching and coming into major trends in campaigns and then in this case to where we see like major data breaches with kind of either a hand waving as
3:49 am
a term of reaction or you know not necessarily quit or taking the steps of of how this happened and how it could be fixed so my my response would be no not enough catalina let me ask you something that i asked jodi earlier as well i mean from your vantage point do you think that you know people are as alarmed as they should be when it comes to these breaches or have they become accustomed to hearing about them are they worried about you know the cyber warfare that's been going on that's affecting you know countries around the world and governments around the world as well. i believe that consumers do not know and do not realize nearly as much as they ought to when it comes to the kind of harms that they open themselves to when they do decide because this is also a matter of personal a personal decision making to share a lot of information with facebook i'm not even speaking about the information that caroline was mentioning the fact that facebook would ask for for instance the phone number for one purpose and then maybe misuse it but
3:50 am
a lot of users also have tonight the tapes thinking that any kind of information any kind of personal data that they share is going to be safe on facebook however what we see is that especially for consumers there is going to be a massive vulnerability in terms of the type of social engineering that can be done on the basis of these types of data sets bought or shared on the dark web or on hacker forums because a lot of elderly populations especially are going to fall prey to the type of phone calls that will use some of these data points to gain the trust of that particular user and then basically deplete let's say the savings of an 80 year old and this type of activity is now so incredibly popular criminally speaking that even youtubers are now launching youtube channels and and twitch channels where they actually play the elderly and then they try to play with the social scammers so it's
3:51 am
a tremendous risk and i think that we really need to do more as a society also to just educate our population on these kind of harms jodi i saw you nodding along to some of what catalina was saying did you want to jump in. well just that that i fully agree i don't think that people are as aware. as to all the exploits that something that can be done performed using your personal information the list has grown significantly it's not just identity theft anymore and so i think people are somewhat. become somewhat immune to hearing about this but then they realize that the harm is out there because it's the person that ultimately has to unravel the damage to their lives. but it's it's also that we don't have enough action by government officials to really come down and hammer companies on this because they just this just keeps happening and
3:52 am
companies just simply aren't spending the money they need to spend to put in the right kinds of security programs so i think it's a lot of things it's that consumers who don't really understand the environment it's everyone have going oh another one of those events and then also the government's just not being as strict and and enforcing everything we possibly can and after these incidents occur caroline i also saw you reacting to some of what jodi was saying right now did you want to add to that. sure and to give an example of of of of how i think consumers either aren't aware or maybe it doesn't enter their periphery enough and it's me on my harassment research work i do one of the things we've been looking at is how do you how do you encourage people to take preventative steps toward harassment and that's very linked to security for example of of having more security or privacy protocols of such up once passwords
3:53 am
frequently of doing things like 2 factor authentication of regularly removing their data from the internet by using things like delete me and really you can tell people a series of steps to engage and but it doesn't actually really seem to register with the users the that something to do until they face harm until they have to respond to a harm that they face to then engage in those actions so it's i think it's a very similar thing when we talk about these data breaches of until someone faces perhaps more direct harm from the data breach do they realize how it's linked to their information being put out there and that is that is a problem when we're trying to create things like preventative education for example if the if the only response is once you face the harm you understand the level a bit catalina from from your perspective what are the steps sort of the concrete steps that could be taken you know to really help with this kind of situation to really educate people to try to make sure this doesn't happen again. i think from an institutional perspective just to echo what jodi was saying i think that it would
3:54 am
be very important for consumer protection authorities data protection authorities even competition authorities to launch themselves into more public campaigns just awareness campaigns to reach all of these users and to perhaps really push the message that indeed it is very important to be more hygienic when it comes to internet use and this is a this is a problem right now that you see that all of these institutions are not only underfunded when it comes to or relatively to the nature and the scope of harm that we see on to the markets but they also remain quite essentially national so we have in the european union now the g.d.p.r. and as i was mentioning we have these coordination and cooperation frameworks but the problem is that these harms are international they are transnational yet everything that we do it just remains national and i think that that's that's just something that we need to tackle and we need to figure out how to deal with in the
3:55 am
future a majority if we can take a step back for a moment and look at a theme that keeps coming up in our discussion today i mean this all really shows that the lifespan of a breach or a hack it really just goes on and on doesn't it. it does and you know it really highlights the need for cyber due diligence in mergers and acquisitions because when you buy a company you buy all of its previous breaches you buy all of its vulnerabilities and that is something many of us have talked about but it also just highlights the need for. companies to just in general understand that just because something happened a year or 2 ago doesn't mean that problem is over like facebook seem to think that's old news that's old data and we also have to remember too that intelligence agencies from all over the world are going to be all over this data because this gives them a lot of very useful data about a high volume of users in countries around the world and so there's
3:56 am
a another reason the u.s. government should be all over facebook and saying get this information secure and we can't have this kind of data leakage it's it's just a very complex problem that has so many different. qualls if you will that can they can reach out and and impact people and governments and society that it's very problematic and it highlights the need for cyber security to be taken more seriously by everybody individuals companies and governments catalina the new privacy laws that have come into existence in parts of europe and parts of the united states how much of an impact are they going to have on social media companies going forward. so what we've seen is that the g.d.p.r. for instance has been added really counted as a gold standard in privacy but there have also been some some opinions according
3:57 am
to which the f.t.c. actually has been really trying to enforce the national or let's say federal standards of privacy and the u.s. in a much more in a much more but let's say impactful way than the data protection authorities have done in the european union so on the one hand it's an interesting development also fall from a legal perspective but on the other hand it's also a short of what we still need and to also just build on what was mentioning it was mentioned before and i think that perhaps some stringent rules on a cybersecurity and also the idea of ok what are the standards what are the official legal standards that any social media company ought to fulfill from a security perspective not some high a so you know standardization approaches that just signal industry compliance but actual legal standards that can hold these companies accountable for the fact that
3:58 am
they're downplaying the role of cyber security in their operations there's a book by bruce schneier which i absolutely love it's called click here to kill everybody and i think it's really a great metaphor for what's happening right now if people and especially companies are getting very ignorant when it comes to their operations and the cyber security stuff they need to comply with all right we've run out of time so we're going to have to leave the conversation there thank you so much to all of our guests jodi westby catalina goanta and caroline sinders. and thank you for watching you can see the program again any time by visiting our website al jazeera dot com and for further discussion go to our facebook page that's facebook dot com forward slash a.j. inside story you can also join the conversation on twitter our handle is at a.j. inside story from emergency room in the whole team here bye for now.
3:59 am
from the al-jazeera london broadcast center two people in thoughtful conversation i got much less races than when i was at the university of oxford it was really scared me because i was like these people are going to be in positions of power with no host and no limitations empire is the reason that we live in a multicultural society part 2 of pfizer's shaheen and adam whether if it be unscripted it's on.
4:00 am
folly bah thibault with a look at our main stories on al-jazeera in a rare move a u.s. police chief has testified against one of his former officers who is accused of murdering george floyd medaria arradondo told the jury in minneapolis that derek chauvin broke rules on respecting the sanctity of life john hendren is in minneapolis he says the prosecution is trying to prove that chauvin used unjustified force and starved floyd of oxygen.
