Cambridge Analytica is “only the beginning”: Imperial data expert weighs in

Breaching the security of just one 'node' can affect the whole network

Dr Yves-Alexandre de Montjoye has warned of the risk of privacy attacks that happen through friends.

In a recent paper and accompanying blog post, data security expert Dr de Montjoye, from Imperial College London’s Data Science Institute and

Department of Computing, said attacks on privacy through friends are becoming a major risk in today’s society.

He said: “In our modern networked societies, privacy is a shared responsibility, because the people we interact with affect our privacy. What’s worrying is that an online friend can, often without knowing it, share your data and that of other friends just by downloading seemingly innocent apps.”

The issue has been covered widely in the media after a whistleblower’s revelations that Cambridge Analytica obtained private data on 30 to 50 million Americans.

The Cambridge Analytica story is one of the first large scale examples of such group privacy attacks, and it is unlikely to be the last Dr Yves-Alexandre de Montjoye Data Science Institute

They then used this information to assist Donald Trump's 2017 presidential campaign through a large scale, targeted, Facebook ad campaign.

Facebook has now claimed that profiles of 80 million Americans and more than one million people in the UK have been shared with the company.

The revelations cast doubt on current approaches to privacy, and highlight the ethical and legal issues with third-party companies harvesting data on users' friends and contacts.

Node-based intrusions

Humans interact along complex social networks. In their paper, Dr de Montjoye's team studied what happens when some nodes in the network are compromised, like when people within a network install a malicious app.

You could be very careful with your privacy, but if your friends are not, then you are vulnerable. Dr Yves-Alexandre de Montjoye Data Science Institute

Using a network modelling study, they found that such "node-based intrusions" were surprisingly effective on Facebook, but also on other networks such as phone communication networks.

Their findings emphasise the network effects of modern privacy: getting a few people to install an app allows you to collect data about a large number of people.

Dr de Montjoye explained that: “You could be very careful with your privacy, but if your friends are not, then you are vulnerable. Network effects make us very vulnerable to node-based intrusions on even a small fraction of the network.

“The Cambridge Analytica story is one of the first large scale examples of such group privacy attacks, and it is unlikely to be the last.”

"Quantifying Surveillance in the Networked Age: Node-based Intrusions and Group Privacy" by Laura Radaelli, Piotr Sapiezynski, Florimond Houssiau, Erez Shmueli, & Yves-Alexandre de Montjoye, published 2018.

"Cambridge Analytica is only the beginning and you might have your friends to blame for it" by Yves-Alexandre de Montjoye, Florimond Houssiau, Piotr Sapiezynski, & Laura Radaelli, published 29 March 2018.

Image credits:

Main: nobeastsofierce/Shutterstock

Body text: Yves-Alexandre de Montjoye