Friday 31 July 2020 4:20 am

A data arms race has begun — it’s not a game, it’s a national security imperative

Jamal Ahmed is a fellow of information privacy and chief executive of Kazient Privacy Experts

Data privacy is a human right. It is also a matter of national — and international — security. 

If the “new Cold War” is upon us, as has been claimed on City A.M., it will be fought with information. 

However, the west seems less serious about the “data arms race” than China and Russia, leaving us all vulnerable. 

Read more: High-profile Twitter users’ private messages hacked in cyber attack

The fears around Huawei, which led to the Chinese telecoms giant being barred from infrastructure projects in various western nations, are valid. Personal data can be dangerous when it falls into the wrong hands, weakening our societies and democracies. Defending it should be beyond party politics, which is why I am calling for a newly expanded Department of Defense and Data in the US, or Ministry of Defence and Data in the UK.

I have seen data as a liberty and security issue for years. For many, this sounds strange — personal data can be an abstract concept, perhaps because we don’t really know how much of our personal information is out there and struggle to visualise how it could be used against us.

But by 2025, the total amount of data out in the world will exceed 175 zettabytes — that’s 175 trillion gigabytes. The ironic privacy paradox here is that we increasingly say we care about what happens to our data, but at the same time we’re addicted to giving it away, and blase about who gets it.

Companies regularly and systematically process our data to change our behaviour. But what happens when it is more than purchasing behaviour being changed? And what if that behaviour is ultimately not in our interests? There are currently no restrictions on a data owner sharing information with a hostile power — this must change.

Increasingly, data is viewed by companies and even governments as the new oil. With oil, many a war has been waged or prolonged because of the precious resource, the flow of which is carefully managed. It is time we treat data the same.

Even a little information is enough to figure out our most personal, intimate details. Just a few likes on Facebook can identify a user’s sexual orientation or political and religious beliefs — all issues which would be of interest to foreign powers looking to disrupt our social fabric.

Targeted information has been used as a tool in combat before. Billions of leaflets were dropped over western Europe during the Second World War, and more recently in Afghanistan and Syria, in order to manipulate and influence populations. Data warfare is the same — on a much grander scale, and at lower cost. Crucially, the actor behind such campaigns can remain hidden.

We have already seen how personal data has the power to change the course of history, which makes it all the more shocking that it is still not being treated as a national security or defence issue. 

In 2018, Cambridge Analytica mined the data of 87m Facebook users without their consent. The company used this data to create psychological profiles for each user, in order to influence them with targeted political advertising. By understanding the users on a deep and personal level, they claimed to be able to influence their voting patterns — a technique it said helped swing the 2016 presidential election in Donald Trump’s favour. 

Cambridge Analytica has also been linked to the successful Brexit campaign. We don’t know the extent of its impact, but it is worrying that little has been done by national governments to prevent this from happening again.

Furthermore, we now know that Russia actively interfered in the 2016 US election, by hacking and stealing the personal information of hundreds of thousands of Americans and releasing propaganda. The ability of foreign actors to influence elections demonstrates the acute need to put both data privacy (regulating how data is deliberately shared) and data security (protecting data from being hacked) at the heart of a new “data defence strategy”.

Tellingly, while Britain’s recently released “Russia Report” did not confirm explicitly whether there had been interference by Russia in the Scottish and Brexit referendums, it did say that the UK was a ripe target for “disinformation campaigns”, and that there had been credible reports to suggest that there had been Russian meddling.  

What are we going to do about this? In the UK, the reaction has been disappointing. Russian disinformation was described in the report as a “hot potato”, with no one organisation willing to take the responsibility to combat it. This hardly inspires confidence. 

Current data regulation is confused and bureaucratic. The only way to protect its national security element is to make it a part of defence strategy on both sides of the Atlantic. By beefed-up defence agencies the authority to deal on matters of cybersecurity as well as traditional warfare, we can employ a joined-up strategy against the interrelated threats we face.

This may seem over the top, but the scale of the threat is huge: 3.5bn people’s personal data was stolen in the top two of 15 biggest breaches of this century alone, 87 per cent of organisations claim to have an insufficient budget for cybersecurity, and one small business is hacked successfully every 19 seconds in the UK. 

The new frontline is on every phone, tablet, laptop and server in the western world. And it is time we sent reinforcements to those trenches.

Read more: Russia remains dangerous, but don’t confuse it for a superpower

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.