Facebook's Zuckerberg is sorry about your data -- Now, here's how to protect it

Facebook CEO Mark Zuckerberg testified at a joint hearing of two Senate committees Tuesday, making the case that both he and the company he founded are very sorry for failing to protect the privacy and private information of Facebook’s 2 billion users.

So if you’re a Facebook user, what does that apology mean for you? And how do you protect yourself from future data breaches? Read on to find out some practical steps you can take.

While Facebook is fun and has become woven into many of our lives – often helpfully and pleasurably – it’s important to remember it is also fundamentally a gigantic data farm. Facebook harvests every last bit of personal information about us, our families, friends, and colleagues – without any transparency as to how or by whom that information will eventually be deployed. The company then makes billions of dollars with that information.

Specifically, Congress is concerned with the Cambridge Analytica data breach that at current reckoning has affected 87 million Facebook users, and has called Zuckerberg to a double hot seat this week.

Zuckerberg faced questioning Tuesday at joint hearing of the Senate Judiciary and Commerce Committees. On Wednesday he will testify before the House Energy and Commerce Committee.

But there’s a basic flaw in all the finger-pointing and handwringing over Facebook. Whether tech companies take responsibility or not – even if they have the will or the legislated mandate to do so – the question remains: do they have the actual capability to protect people’s data?

Unfortunately, the answer is that no, the tech companies do not.

The evidence over the past several years is pretty clear. We’ve witnessed an almost continuous pattern of digital breaches and exploits exposing the identifiable personal information – from credit card accounts to Social Security numbers – of hundreds of millions of Americans. 

The death knell for the resilience of private sector digital security may have been the 2016 revelation by Yahoo that hackers connected to a foreign state-sponsored group “stole names, email addresses, phone numbers, dates of birth, and encrypted and unencrypted security questions and answers from more than 1 billion accounts.” 

Our government is no better. The competency of some of our most sophisticated U.S. agencies and departments in this same realm was made equally clear in 2015, when hackers were able to steal the fingerprint records of 5.6 million government employees.

Today, catastrophic fails by companies and official institutions to safeguard the most sensitive and private information of people are no longer a surprise. They are weekly news.

If the current public and private sector stewards of our digital safety and privacy can’t protect us, then who can be trusted to make decisions about who can see and access your personal information? The answer is clear: You can trust yourself.

The danger in our digital lives is that we don’t usually know or have any real choice over what we’re sharing or with whom, or how long that data will live. In fact, the data will live forever.

We also don’t know how our personally identifiable information will ultimately be used or abused. With the onslaught of long “terms of use” pop-ups incomprehensible to the average user, consent has become largely a sham.

It’s increasingly difficult and not realistic to opt out of what has become a virtual home for so many of our basic transactions and relationships: our banking, our credit cards, our access to shopping and essential services, our links to our kids’ schools and our contact with our loved ones.

So we close our eyes and click “accept” and simply trust.

This ostrich-in-the-sand approach works fine until something really bad actually happens to you, such as identity theft, or the undermining of our democracy.

There are actions, though, we can all take to protect ourselves as users of Facebook, and in our digital lives. Here are just a few:

1. Go right now and check your Facebook privacy settings. Are they what you want?

2. Stop giving away your phone number to strangers – and that includes companies and social media platforms. A phone number can potentially open access to a treasure trove for data miners, hackers and other abusers of personal information.

3. Download your pictures from Facebook. If there comes a time when you decide you need to quickly self-deport from the platform, you don’t want to lose all those memories.

4. Start to use different identities to log-in to Facebook and your other social media platforms. Lots of millennial already do this on Instagram. It’s a thing, and it’s easy to do.

5. Facebook is addictive. Are you on it because you’re engaged in meaningful activity, or because you’re seeking that little dopamine hit when somebody “hearts” your selfie? If you feel you might have a problem, start to wean yourself. Try putting the icon on the second page of your smartphone screen, and turn off your notifications.

6. In the digital world, if something is free, it means your data is probably being harvested. If you can pay for a service that doesn’t require your personal information as the trade, that might be preferable.

7. Stop taking those “fun” quizzes on social media platforms. They are mostly scams to steal your personal information. They not only impact you, but they can open access to all your friends. Plus, do you really need to know which Norse god you are?

This week in Washington, Mark Zuckerberg is unlikely to say is that the Internet isn’t safe, and that its stewards can’t be trusted.

In the end, we don’t need hollow promises from tech titans that they care about privacy. And we don’t need legislation attempting to require the impossible. We especially don’t need to be told to opt out of a digital world that is an essential part of our culture, community and commerce.

What we do need is to be allowed to opt in – to take full ownership and management responsibility over our own information and online identities.

Hopefully, in the course of this week’s hearings – in questions from lawmakers and in Zuckerberg’s answers – and in the weeks and months to follow, we can see private and public sector momentum to deliver back control over privacy and personal information to the individual.

That is where this control rightly and necessarily belongs.

Steve Shillingford is a digital privacy and cybersecurity expert, and is founder and CEO of Anonyome Labs.