species evolution is taking place and biodiversity changes are taking place so in a geological history this is a limb so it's just a wink of an eye. to see such rapid changes or such changes over occurring so rapidly is something that's astonishing i would say. this is al jazeera these are the top stories in the u.s. police chief has testified against one of his former offices is accused of murdering george floyd it told the jury in minneapolis that show even didn't follow department policy or training when he knelt on floyd's neck. it is my firm belief that the one singular incident we will be judged forever on will be our use of force and so while it is absolutely imperative their officers go home at the end of their shift we want to venture and ensure that our community members go home to and

so sanctity of life is happily vital that that is the pillar for use of force we are oftentimes going to be the 1st ones to respond to someone who needs medical attention and and so we absolutely have a a duty to render that aid high level talks to revive the 2015 iran nuclear deal will begin in vienna shortly representatives from the u.s. china germany russia the u.k. france and iran are attending however american and iranian officials are not planning to meet directly. jordan's or royal court says prince hamza bin hussein has signed a letter pledging his allegiance to the king the jordanian government to accuse the former crown prince of trying to destabilize the country. after a year of anti-government protests across the country india's governing b j p is facing a test at the polls voting is underway on the biggest day of the state assembly elections being seen as a measure of support for the party of prime minister nuri and

a modi the p has performed strongly in national elections struggle to win majorities in state assemblies protests as in may mark continue to demonstrate against a military coup in crackdown and the young go on they threw red paint onto the streets where protesters have died as military june to power on february 1st at least 570 people killed using internal strayer have agreed to create a quarantine free travel probable from april the 18th people will be able to travel freely between the countries but travel restrictions will be reimposed a few cases of. north korea says it will not participate in the tokyo olympics becoming the 1st country to officially withdraw from the event in july pyongyang says it wants to protect its athletes from covert 19 infections you are today headlines more news coming up here in algeria right after inside story. we know what's happening in our region we know how to get the faith is that others and not

i was just thrown here guys by the party the only purpose i did in iraq that time and it will grab me to go lie on the go live to work another story that may not be mainstream i think buyers missed out on the enormity of. the way that you cal the story is what can make a difference. it's seen as a golden opportunity for hackers and cyber criminals the personal data of more than a half a 1000000000 facebook users shared online so who is responsible for the security breach and how can users be protected this is inside stores.

hello and welcome to the program. it may seem safe enough to post your phone number and date of birth on social media but that information could end up being shared all over the web that's what happened to more than half a 1000000000 facebook users their personal details were posted online on a website for hackers according to the business insider publication the security breach affects people from $106.00 countries including the u.s. u.k. and india cyber security experts are worried the accounts are subject to identity theft and could be used for fraud and cyber crimes facebook says the data was collected in 2019. it's not the 1st time facebook has been breached and users data exposed online a technical glitch in 2008 revealed confidential birthdates of 80000000 facebook users in 2013 a software flaw exposed phone numbers and e-mail addresses of 6000000 users in 2018 profile details from 87000000 users were improperly accessed by political data firm can bridge analytical facebook's messaging platform whatsapp had

a security breach in 2019 that allowed hackers to install spyware on phones via the apps phone call function and last year its social media accounts were temporarily taken over by a group of hackers who said it was an attempt to show cyber vulnerabilities let's have a look at how big a problem the hacking business is a car school study at the university of maryland says there's a hacker attack every 39 seconds i did it he theft to spike during the coronavirus pandemic with 1400000 reports of such incidents in the u.s. alone last year google has registered more than 2000000 phishing sites as of january 17th this year it's estimated by top 20 $25.00 cyber crime will cost the world more than $10.00 trillion dollars a year and by 2027 it's forecast the cyber security market will be worth more than $400000000000.00. all right let's bring in our guests in washington d.c. jodi westby is chief executive of global cyber risk technology and advisory

services firm joining us from mustard catalina go on to us it's a professor in private law must drift university and co-manager a must drift law and tech lab and in berlin caroline sender's visiting researcher at wits and bomb institute and fellow at harvard kennedy school jodi let me start with you today facebook has said in a statement that this is old data that was previously reported on a 2019 they also said that they had found and fixed this issue in august of 200-1000 but whether or not this issue was fixed by facebook the user data is still out there right. well it's not only out there it's a lot of it is ballad brecht a sort of ballad no matter how old they are some of the personal particulars that were included in this data you know e-mails and phone numbers and birth dates and and other personal affiliations that is still valid data certainly birth dates are

and emails and south phone numbers especially are very valuable so for them to just dismiss that this says oh it's all day that we fix this 2 years ago just completely shows disrespect for all those 500000000 users those personal identification as is now out there carol you know what's the liability of companies like facebook and other tech giants when it comes to their cyber security standards and when our data breaches and the hacks a sign of negligence. that's a great question so from a data protection perspective also according to the g.d.p. our companies 1st and foremost are going to have an obligation to notify not only the data protection authorities but also the users when they identify that there has been a very considerable harm brought to the users because of these data breaches for instance in the netherlands the fine of not notifying the data protection authority can go up to what 850000 euros that is something that is at least straightforward

on the other hand what you are asking about standards that are a political or from the perspective of cyber security that's a little bit less clear because from a legal perspective we need to look into contractual liability into tort liability and that is really going to depend on the jurisdiction and perhaps what we could say is that if there is going to be a harm brought to the bone or a bill user because they're going to get scammed due to the fact that as jodi mentioned their e-mail address and their phone number is out there on the internet perhaps there can be a torrent of liability because of this situation or as i said a contractual liability caroline how does this incident differ from other incidents in the past and how significant is it that this data is now on hacking website how much more accessible is it. i would say it's extremely accessible and as troy

hunt who runs have even which is a great website for people to check if their passwords or e-mails have been our private data breach and he noted on twitter that the data set of his personal information has been shared many times and it's been now replicated on different websites so at this point it's really out in the public if one website is taken down you know the dataset itself is now replicated in store and other places so what it is it's now a large data set in access of people's personal information that really many people can access and use for a variety of nefarious ways i guess in terms of how it differs it's a lot of it is the size for example and we have to ask about the steps facebook has taken to notify notify the users and also the amount and the different kinds of data that's been shared so it's not just phone numbers it is things like e-mail things like potentially people's addresses their real names etc so it's

a lot of data it's not just for example a password or an e-mail address but a lot more personal and as jodi has said you know valid information about an individual can lead i saw you nodding to a lot of what caroline was saying just there's let me ask you to expand on some of what she was saying 1st of all let me see if you have a reaction when she was saying but secondly i want to ask you i mean what do we know as far as what facebook has done what steps they've taken to notify people whose data has been breached. so i was just in agreement with everything that caroline mentioned because the thing is that as you were also saying earlier facebook says this is old data so this is why we're not going to take any kind of measures but i think what we need to do is take a step back and ask ourselves indeed is this data actually the result of the exploitation of a security vulnerability or is it even worse than that because at least when respecting about a vulnerability that it can be a very sophisticated and maybe jodi has more information about that but if this is

a very sophisticated cyber security standard that's one thing but facebook has been using as its graph a.p.i. to give access to a lot of 3rd parties a lot of developers to the type of data that caroline was mentioning so that is also very likely that this type of data set is just an aggregated data set based on web scraping and also based on the use of the graph a.p.i. and that's where the liability for a sports facebook could be even multiplied because it happened that in 2018 i believe the information commissioner's office or from of the united kingdom actually find facebook 500000 pounds because of the data sharing practices that led to the came channel atika incident and so did the italian competition authority on a different ground on the ground that facebook has been misleading its consumers with respect to the kind of data sharing standards that it's actually disclosing to the consumers so it's saying one thing but it's doing

a completely different thing jodi it seems like every few months we hear about another big hack or data breach whether we're talking about users of social media platforms and their information or whether we're talking about cyber warfare that are affecting entire countries and governments from your perspective are people paying enough attention tension are people alarmed by what's going on or as alarmed as they should be. you know it's interesting i think people are alarmed and i'd like to step back just a 2nd though to the cause that thread that you were just on because we have to remember that facebook is under an order from our federal trade commission who find facebook $5000000000.00 for the cambridge analytical problems and breaching its can it's consent order and so it is under an order to have security at bull's security program and so it you know it it it it does have

a legal obligation and. they were notified i think in january that they were birthdates were able to be seen on users and so when we go forward and look at this we can say well you know that they had noticed yes mistakes can happen and there isn't a silver bullet through security but they are new tory is for not having good privacy for not having good governance practices and for violating their own requirements and the f.t.c. consent order so i think all of that has to be considered caroline how much are hackers changing their techniques as security advances and how easy a target are social media sites and feeds. well i'm not really sure if i'm the best person to necessarily answer that but one thing i will say is you know actors are often looking for any and all kinds of vulnerabilities be it

a white hat hackers or black out one you know with with the creation of a bug bounties trying to actually find vulnerabilities in terms of fix them that's pretty normal but i think it's important to remember and actually point out the amount of personal data that those will social media platforms collect on people and then the amount of data they actually request so for example with facebook facebook was repeatedly requesting people's phone numbers in terms of things like factor authentication so another way for a user to try to add a little more security to their account and then as wife had pointed out those phone numbers ended up being used or were targeted at so i think it's incredibly important to point out that there's a lot of information people place into social media and then are also given in terms to verify their accounts except for us and that kind of personal information is are things when leaked again as joe does point out call that calling it valid

information it's information that one flea is incredibly difficult for user to change or augment if it's different and the a slightly easier to change a password but how do you change your birthdate for example or your social security number or your address or your phone number those things are much more stickier and harder and personal people actually need that kind of information to function right in any different as a society that or a city that they're existing and so you know we have to also look at how class forums and general big tech companies are requesting information how they're storing it why they're requesting it and also what they're using it for and facebook is you know when we can we can point out many different different examples of of facebook misusing the data that they access even on. catalina are breaches of this magnitude being reported to data protection authorities and which of the data protection authorities are the ones that would take measures to and to try and ensure this doesn't happen again. so when it comes to data protection

authorities in principle if you look at also the data that was reported to have been leaked in the past days you can see that there is a plethora of countries and jurisdictions that have victims or that have users on their territories who have been affected by this leak now in principle facebook should be reporting this type of situation to all of these data protection authorities wherever they exist however the problem is also that these authorities are very often completely overburdened with the type of harms that happen on digital markets and although there is a legal framework for the reporting and there is a legal framework for even the cooperation between different data protection authorities so for instance the g.d.p. are even has a chapter a full chapter on that how different national data protection authorities can operate and can exchange information so that they can have joint investigations the

at the end of the day and it just boils down to the kind of resources that these agencies have and this is what happens in practice is that a lot of these data protection authorities simply are not going to take that many measures depending on the jurisdiction and this leans citizens and and consumers completely vulnerable and this is why i would like to also mention that citizens can even take another type of path to protect themselves and that is collective actions and we're going to see more of that in the european union as a 2023 when a new directive is going to come into force judy what do you think will be more collective actions taken in the u.s. . oh yes there will be a class action lawsuit and depending on whether this has an impact on facebook you know they are already have had shareholder derivative suits filed against their board and securities class action suits and so it'll be interesting to see whether

another round based on this incident gets get started but the plaintiff's bar is definitely awake and very alert to these types of incidents caroline is is facebook and her other you know media companies doing enough to allay the fears of users right now i would say probably not if facebook's reaction to for example this this leak in particular is to say that this information is old and not necessarily highlight or take take ownership over how much data has been leaked and no that's not enough right and you know we see a variety of different kinds of harms coming out platforms from. you know how networks islands and harassment to proliferate on platforms from spaces where we see conspiracy theories sort of launching and coming until major trends in

campaigns and then in this case to where we see like major data breaches with kind of either a hand waving as a term of reaction or you know not necessarily quit or taking the steps of of how this happened and how it could be fixed so my my response would be no not enough ken let me ask you something that i asked jody earlier as well i mean from your vantage point do you think that you know people are as alarmed as they should be when it comes to these breaches or have they become accustomed to hearing about them are they worried about you know the cyber warfare that's been going on that's affecting you know countries around the world and governments around the world as well. i believe that consumers do not know and to not realize nearly as much as they ought to when it comes to the kind of harms that they open themselves to when they do decide because this is also a matter of personal a personal decision making to share

a lot of information with facebook's i'm not even speaking about the information that caroline was mentioning the fact that facebook would ask for for instance the phone number for one purpose and then maybe misuse it but a lot of users also have denied the tapes thinking that any kind of information any kind of personal data that they share is going to be safe on facebook however what we see is that especially for consumers there's going to be a massive honorability 'd in terms of the type of social engineering that can be done on the basis of these types of data sets bought or shared on the dark web or on hacker forums because a lot of elderly populations especially are going to fall prey to the type of phone calls that will use some of these data points to gain the trust of that particular user and then basically deeply to let's say the savings an 80 year old and this type of activity is now so incredibly popular criminally speaking that even you

tubers are now launching you tube channels and and twitch channels where they actually play the elderly and then they try to play with the social scammers so it's a tremendous risk and i think that we really need to do more as a society also to just educate our population on these kind of harms jodi i saw you nodding along to some what catalina was saying did you want to jump in. well just that that i fully agree i don't think that people are as aware. as to all the exploits that something that can be done performed using your personal information the list has ground significantly it's not just identity theft anymore and so i think people are somewhat. become somewhat immune to hearing about this but then they realize that the harm is out there because it's the person that ultimately has to rattle the damage to their lives. but it's it's

also that we don't have enough action by government officials to really come down and hammer companies on this because they just this just keeps happening and companies just simply aren't spending the money they need to spend to put in the right kinds of security programs so i think it's a lot of things it's that consumers who don't really understand the environment it's everyone have going oh another one of those events and then also the government's just not being as strict as and and in forcing everything we possibly can and after these incidents occur carolyn i also saw you reacting to some what jodi was saying right now did you want to add to that. sure and to give an example of of of of how i think consumers either aren't aware or maybe it doesn't enter their periphery enough and it's me on my harassment research work i do one of the things we've been looking at is how do you how do you encourage people to take

preventative steps toward harassment and that's very linked to security for example of of having more security or privacy protocols of such up once passwords frequently of doing things like 2 factor authentication of regularly removing their data from the internet by using things like delete me and really you can tell people a series of steps to engage and but it doesn't actually really seem to register with the users the that something to do until they face harm until they have to respond to a harm that they face to then engage in those actions so it's i think it's a very similar thing when we talk about these data breaches of until someone faces perhaps more direct harm from the data breach do they realize how it's linked to their information being put out there and that is that is a problem when we're trying to create things like preventative education for example if the if the only response is once you face the harm you understand the level of it catalina from from your perspective what are the steps sort of the concrete steps that could be taken you know to really help with this kind of

situation to really educate people to try to make sure this doesn't happen again. i think a soprano a situational perspective just to echo what jody was saying i think that it would be very important for consumer protection authorities data protection authorities even competition authorities to launch themselves into more public campaigns just awareness campaigns to reach all of these users and to perhaps really push the message that indeed it is very important to be more hygene it when it comes to internet use and this is a this is a problem right now that you see that all of these institutions are not only underfunded when it comes to or relatively to the nature and the scope of harm that we see on to the markets but they also remain quite essentially national so we have in the european union now the g.d.p. are and as i was mentioning we have these coordination and cooperation frameworks but the problem is that these harms are international they are transnational yet

everything that we do it just remains national and i think that that's that's just something that we need to tackle and we need to figure out how to deal with in the future a majority if we can take a step back for a moment and look at a theme that keeps coming up in our discussion today i mean this all really shows that the lifespan of a breach or a hack it really just goes on and on doesn't. it does and you know it really highlights the need for cyber due diligence and mergers and acquisitions because when you buy a company you buy all of its previous breaches you buy all of its vulnerabilities and that is something many of us have talked about but it also just highlights the need for. companies to just in general and or stand that just because something happened a year or 2 ago doesn't mean that problem is over like facebook seems to thank best it's old news that's old data and we also have to remember too that intelligence

agencies from all over the world are going to be all over this data because this gives them a lot of very useful data about a high volume of users in countries around the world and so there's sort of another reason the u.s. government should be all over facebook and saying get this information secure and we can't have this kind of data leakage it's it's just a very compact plex problem that has so many different. qualls if you will that can they can reach out and and impact people and governments and society that it's very problematic and it highlights the need for cyber security to be taken more seriously by everybody individuals companies and governments catalina v new privacy laws that have come into existence and parts of europe and parts of the united states how much of an impact are they going to have on social media companies going forward. so what we've seen is that the g.d.p.

our for instance has been really counted as a gold standard and privacy but there have also been some some opinions according to which the f.t.c. actually has been really trying to enforce the national or let's say federal standards of privacy and the u.s. in a much more in a much more but let's say impactful way than the data protection authorities have done in the european union so on the one hand it's an interesting development also fall from a legal perspective but on the other hand it's also a short of what we still need and to also just build on what was mentioning it was mentioned before and i think that perhaps some stringent rules on a cybersecurity and also the idea of ok what are the standards what are the official legal standards that any social media company ought to fulfill from a security perspective not some high a so you know standardization approaches that just signal industry compliance but

actual legal standards that can hold these companies accountable for the fact that they're downplaying the role of cyber security and their operations there's a book by bruce schneier which i absolutely love it's called click here to kill everybody and i think it's really a great metaphor for what's happening right now if people and specially companies are getting very ignorant when it comes to their operations and the cyber security steps they need to comply with all right we've run out of times we're going to have to leave the conversation there thank you so much to all of our guests jody west because lena go on to and caroline cinders. and thank you for watching you can see the program again any time a visiting our website al jazeera dot com and for further discussion go to our facebook page that's facebook dot com forward slash a.j. inside story you can also join the conversation on twitter our handle is at a.j. and sad story for me my material in the whole theme here by for now.

capturing a moment in time. snapshots of all the lives. of the stories. providing a glimpse into someone else's what. we would call it the threat piece to believe the fight the. inspiring documentaries from impassioned filmmakers. i am the voice we are the. witnesses on al-jazeera. when the news breaks here in windsor with to see me this is the main breach completely underwater when people need to be heard 1000 people staying in the stands just a stone's throw from the us mexico border and the story needs to be told i felt like the whole sky is full of them with exclusive interviews and in-depth reports

al-jazeera has teams on the ground the house of abraham to bring you more award winning documentaries and life needs. unprompted and uninterrupted discussions. from our london broadcast center. on al-jazeera. the top diplomat subsets of needs in vienna to try to salvage the iran nuclear deal but the u.s. and iran won't hold it. at all macleod this is out 0 live from doha also coming up the u.s. police chief testifies against his own officer accused of killing george floyd says he violated policy. here many disagreed with that 003.