THE COMMODIFICATION OF BIG DATA
Technological change isn’t cheap, and with the constant change and improvements, the price of the power rises astronomically. It seems that almost daily we read about the development of new systems integrating technologies and creating applications that would have been considered science fiction even 20 years ago. It didn’t take long for companies to realize they could monetize their investments: Big Data is a powerful and highly valuable commodity.
“Consumer activity has rarely been exempt from some form of observation, even in the traditional open-air market,” note media studies professors Nick Couldry and Ulises A. Mejias in their book, The Costs of Connection: How Data is Colonizing Human Life and Appropriating It for Capitalism (Stanford University Press, 2019). As they see it, “the decisive shift came in the 2010s with the convergent growth of social media platforms, connected mobile devices and ever more sophisticated ‘smart environments’ that made possible something close to ‘autonomous’ surveillance.”
People are encouraged—even enticed—to connect digitally. “But,” attorneys Couldry and Mejias remind us, “this convenience is not free—it is purchased with vast amounts of personal data transferred through shadowy back channels to corporations using it to generate profit.” These research ers, in fact, believe we are all being held in a new form of “data colonialism,” which is leading to new ways to not just predict but often control “our ways of knowing; our means of production; our political participation.”
Google can easily give away access to its suites of business/ educational software because the real value is in the collection of data of all of the millions (if not billions) of users who access these systems every day. Through Google Pay, Google Ads, Google AdSense, and Google Analytics, the company is able to bring in billions of dollars. Google’s overwhelming takeover of educational markets has been stunning, with New York Times reporter Natasha Singer, in her May 13, 2017, article “How Google Took Over the Classroom,” calling this a “profound shift in American education: the Googlification of the classroom” (nytimes.com/2017/05/13/technology/google-education-chromebooks-schools.html).
THE RIGHT TO BE FORGOTTEN?
The European Union is seeking to establish a reset button with its Right to be Forgotten (gdpr-info.eu/issues/right-to-be-forgotten). The General Data Protection Regulation (GD PR)’s Right to be Forgotten establishes an international human right in respect to access of information. Citing the vagueness of current rulings attempting to implement such a right, the size of the entire EU market has forced data-intensive companies to figure out how to mold and adapt their systems to this new standard.
Two Los Angeles attorneys, Karl Manheim and Lyric Caplan, sum up the issues in a 2019 paper, “Artificial Intelligence: Risks to Privacy and Democracy,” published in The Yale Journal of Law and Technology (yjolt.org/sites/default/files/21_yale_j.l._tech._106_0.pdf):
“Privacy, anonymity and autonomy are the main casualties of AI’s ability to manipulate choices in economic and political decisions. The way forward requires greater attention to these risks at the national level, and attendant regulation. In its absence, technology giants, all of whom are heavily investing in and profiting from AI, will dominate not only the public discourse, but also the future of our core values and democratic institutions.”
In early 2019, a bill was proposed in Congress called Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act that would force companies to “disclose the ‘true value’ of their data to users.” The bill isn’t expected to pass this year (warner.senate.gov/public/index.cfm/2019/6/warner-hawley-introduce-bill-to-force-social-media-companies-to-disclose-how-they-are-monetizing-user-data).
A July 2019 article in USA TODAY, written by Motley Fool Staff, pointed out the difficulty in determining the value of all this personal data: “[B]ig Data contains the mundane yet intimate moments of people’s lives. And, if Facebook captures your interactions with friends and family, Google your late night searches, and Alexa your living room commands, wouldn’t you want to know, as the bill suggests, what your ‘data is worth and to whom it is sold’?” (usatoday.com/story/tech/2019/07/14/facebook-twitter-how-much-data-worth/39677311).
THE SUMMER OF ‘CRIPPLING RANSOMWARE ATTACKS’
Perhaps an even more disturbing trend is the rise of individuals or groups primed to disrupt or threaten to destroy organizational computing networks unless their demands are met. And libraries and information industries have been prime targets.
Ransomware is a specific type of malware with the goal of disrupting activity or stealing information with the purpose of holding it hostage for payment. This type of cyberattack has been rising in recent years and has increased by 195% from the fourth quarter of 2018 to the first quarter of 2019 according to HealthIT Security (healthitsecurity.com/news/ransomware-attacks-on-business-targets-increase-by-195-in-q1). Ransom ware involves the use of malware or a virus that prevents users from accessing their systems or data until the hackers have been paid. Ransomware attacks may not only block access to files but attack the basic programming underlying a system.
In August 2019, New York Times ’ reporters Manny Fernandez, David E. Sanger, and Marina Trahan Martinez wrote that “22 cities across Texas … are simultaneously being held hostage for millions of dollars after a sophisticated hacker, perhaps a group of them, infiltrated their computer systems and encrypted their data. The attack instigated a statewide disaster-style response that includes the National Guard and a widening F.B.I. inquiry” (nytimes.com/2019/08/20/us/texas-ransomware.html?module=inline).
Among the agencies affected were the public libraries in each of these communities, which had to go back to pen and paper systems for checking out materials. Hospitals, businesses, and other networks have for years been targets of ransomware attacks. But in recent years, hackers have increasingly focused on local governments, according to another 2019 New York Times’ article (nytimes.com/2019/07/07/us/florida-ransom-hack.html?module=inline).
IT security firm Protenus reports that 32 million patient records were breached in the first half of 2019. This is more than double the number of records breached over the entire 2018 calendar year, according to Rebecca Pifer (healthcaredive.com/news/data-breaches-in-2019-already-double-all-of-last-year/560059). As reported by Jessica Kim Cohen, in another data breach this year, American Medical Collection Agency was found to have been hacked for financial, health, and personal information on an estimated 20 million patients of Quest Diagnostics and LabCorp, which have locations across the U.S. (modernhealthcare.com/cybersecurity/state-ags-investigate-breach-quest-diagnostics-labcorp).
A report from Risk Based Security estimates, “For the first six months of 2019, the number of breaches increased by 54% compared to the same time last year” (pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report). All this happened despite the multiple levels of encryption that are being used today to protect sensitive data.
For institutions, experts recommend creating and enforcing Information security policies, but technology and the cheaters always seem to be a few steps ahead of the curve. IBM Security recently announced the results of a global study exploring organizations’ preparedness when it comes to withstanding and recovering from a cyberattack. The study, conducted by the Ponemon Institute on behalf of IBM, found that a vast majority of organizations surveyed are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise (newsroom.ibm.com/2019-04-11-IBM-Study-More-Than-Half-of-Organizations-with-Cybersecurity-Incident-Response-Plans-Fail-to-Test-Them).
LIBRARIES UNDER ATTACK
Not all types of organizations are required to report their attacks, making comprehensive data impossible. In the first half of 2019, Risk Based Security analyzed reported data breaches, finding these industries the most hacked, in order of prevalence: Health Care, Retail, Insurance and Finance, Public Administration, Information, Scientific/Professional, Education and Manufacturing.
Libraries are not safe from these exposures. Onondaga County Libraries experienced a ransomware attack in July 2019, which held the library system hostage (spectrumlocalnews.com/nys/central-ny/news/2019/07/17/onondaga-county-libraries-hit-by-ransomware-). “Before a ransom request was received the library system was shut down, however, if a ransom was requested the spokesperson said the county would not pay it. … The additional cost to Onondaga County taxpayers [was] still unclear” at the time of the attack. The Butler County Federated Library System, which links 10 local public libraries in Pennsylvania, continued “to work on their online system following a July 2019 ransomware attack” (butlerradio.com/ransomware-attack-hits-local-libraries).
“An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons,” Waller McGuire, executive director of St. Louis Public Library, told the BBC in January 2017 after its ransomware attack. “The real victims of this criminal attack,” he noted, “are the library’s patrons” (bbc.com/news/technology-38731011).
Educational institutions are estimated to have 10 times the rate of ransomware infections than the finance industry and three times the rate of healthcare organizations (securityboulevard.com/2018/08/learning-held-hostage-how-to-prepare-for-and-prevent-data-loss-due-to-ransomware). “Colleges and universities are especially vulnerable to attacks since their networks include complex levels of access,” write Katie Wendel and James Shreve (thompsoncoburn.com/insights/blogs/regucation/post/2019-07-22/ransomware-attacks-what-higher-education-institutions-need-to-know). Echoing this sentiment, Lamar University provides a useful list of attack threats and possible solutions at lamar.edu/it-services-and-support/security/awareness/colleges-and-universities-are-prime-cyberattack-targets.html.