Learning from Facebook’s Blunders: 3 Rules for Confidential Data


Facebook’s atrocious treatment of user privacy isn’t news anymore, but the details are worth studying if you deal in sensitive data. Educational institutions handle a lot of confidential information, so let’s look at how Facebook inadvertently disclosed personal information on millions of users.

The immediate cause of the leak was a software bug. Software is complicated, and bugs happen. Facebook’s programmers can be forgiven for occasional bugs, even serious ones. The real problem isn’t with the code, but with the way confidential data is handled. There are a few rules that it’s vital to follow:

  • Don’t ask for information you don’t need. Bugs are always possible, and the FBI or NSA can order you to give them information and never tell anyone. If you don’t have it, nothing can take it away.
  • If you get confidential information incidentally and don’t need it, discard it immediately. Sometimes what you collect comes with extra information. Drop it at the input stage. This limits your vulnerability.
  • If you do need to keep confidential information, treat it with special care. Encrypt it. Don’t leave any unprotected copies around. Restrict access to the data to the processes that need it.

Anything less than this is negligence, and Facebook clearly missed on at least two out of three. It asked people to upload their entire contact lists. (The users who did share the blame.) It didn’t discard unnecessary information. Failure to give special protection to contact information was likely a contributing factor.

Software is always buggy, and protection in critical cases should be multi-layered. A database should have only the information that’s needed. Access to its critical tables should be restricted by role. Software shouldn’t blindly pass on everything that’s available. If all this is done, it takes multiple bugs to leak data. There’s no such thing as 100% safety, but an approach like this gives Murphy the fewest opportunities.
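The input-stage discarding and role-restricted access described above, as an added Python example that is not from the post or from Facebook; the field names, the role names and the sample upload are assumptions:

```python
# Added example: a contact-upload handler that applies the post's rules at the
# input stage. Field names, roles and the sample upload are all assumed.
from __future__ import annotations

# Assumption: matching friends needs only an email address. Everything else an
# address book hands over (phone, home address, notes) is incidental data.
NEEDED_FIELDS = frozenset({"email"})

# Assumption: only the friend-matching process has any business reading the table.
ALLOWED_ROLES = frozenset({"friend-matcher"})

# Constructed sample upload, in the shape a phone's address book might produce.
SAMPLE_UPLOAD = [
    {"name": "A. Example", "email": "a@example.test", "phone": "+1-555-0100",
     "address": "1 Example St", "notes": "doctor appt Tues"},
    {"name": "B. Example", "email": "b@example.test", "phone": "+1-555-0101"},
    {"name": "No Email", "phone": "+1-555-0102"},
]


def minimize(entry: dict) -> dict | None:
    """Rule 2: keep only needed fields; an entry with none of them is dropped whole."""
    kept = {k: v for k, v in entry.items() if k in NEEDED_FIELDS}
    return kept if kept else None


def ingest_contacts(upload: list[dict]) -> list[dict]:
    """Input stage: minimize every entry so incidental data never reaches storage."""
    return [m for m in (minimize(e) for e in upload) if m is not None]


def read_contacts(role: str, store: list[dict]) -> list[dict]:
    """Rule 3: access to the table is limited to the roles that need it."""
    if role not in ALLOWED_ROLES:
        raise PermissionError(f"role {role!r} may not read the contacts table")
    return store


def leaky_export(stored: list[dict]) -> list[dict]:
    """Stands in for a later bug that blindly passes on every field it sees.
    With minimization upstream, this one bug cannot leak phones or addresses."""
    return [dict(row) for row in stored]


def leaked_fields(exported: list[dict]) -> set[str]:
    """Field names that would reach an outside party beyond what was needed."""
    return {k for row in exported for k in row} - NEEDED_FIELDS
```

Run the leaky export over the raw upload and over the minimized store to see the difference: the same bug leaks four extra fields in one case and nothing in the other.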
