Cyber safety and cyber security in the age of privacy
The 21st century has had its very own industrial revolution with the internet and all its communication pathways. It has also created a new perspective on people, charged by the massive amounts of data collected through internet use, which has led to the saying “data is the oil of the 21st century” (Martínez, 2019). Put an item in the shopping cart of an online shop? It’s logged. Watch a video? Your cookies put it in your media list. Upload a photo? Algorithms identify the content, recognise faces and link them to the respective accounts (Sebastian Schuon). Almost all platforms we use on the internet save and process user data to an enormous extend (Curran, 2018).
This leads to a situation where the biggest companies have pseudo-anonymised profiles of shopping habits, hobbies, interpersonal networks and media consumed. These profiles are so detailed that they can come to conclusions about personal information, without ever receiving the specific data. An experiment showed that an algorithm is more likely to guess a user’s sexuality than their closest friends (Wang, 2017).
Furthermore, users lose control about what information is out there about them. Big data sets are processed by the biggest companies in the world with an unknown outcome for the users. Marketing is now focused on personalised, targeted advertisement, showing products to the users that they are most likely to purchase (Folgate, 2018). In addition, endless lists with user profiles and personal data are being sold on the black market, primarily to scam users (Patterson, 2019).
Online Safety and Cyber Security
When we talk about risks online, two concepts come to mind: online safety and cyber security. Cyber security addresses digital safeguards on a state and population level, and it seeks to protect critical infrastructure, such as government services, health, communication and energy networks. Online safety, on the other hand, is about the individual’s competence in protecting themselves from harm. This article will primarily focus on online safety aspects, as it more closely relates to youth work.
Child protection
Within the topic of safety, it is important to distinguish between the protection of children and the safety of young people. Children are more susceptible to threats from others and less likely to be able to protect themselves. Therefore, many child-friendly platforms are designed under the walled garden approach (Malone, 2007). In essence, this means that in order to prevent harm they offer a heavily restricted platform, which limits the child’s options. However, the pedagogical paradigm is shifting towards the early empowerment of children to recognise threats and to address them with caregivers.
Core issues when protecting children are grooming/sextortion, protection from harmful content and bullying.
Grooming describes the advances of older persons to children, usually with sexual intent. Sextortion is a method of grooming in which the predators extort images from the children through intimidation tactics. Further information on the subject can be found in the article on Sextortion.
Protection from harmful content is very age specific. Many websites are tailored towards children and provide age appropriate content or filter mechanisms to select what kind of content a child should be able to access. However, strangers with malicious intent can still try to break into these safe spaces and expose children to harmful content. For example, the child-oriented service YouTube Kids has an algorithm suggesting further content, based on what the child has been watching before. Videos are filtered and only child-friendly tagged videos are approved for the queue. In recent years, people have added videos about abuse and self-harm to the lists using the imagery of children cartoons. The algorithm was not able to filter them out and it took a while to identify problematic videos through the report function, as many parents rely on the platform to monitor the content (Bridle, 2019). The problem is even enhanced by the rise of live-streaming as a format. In this, users watch a video while it is being uploaded. Currently, algorithms are not able to filter problematic content fast enough during the upload. There are also certain web myths and practices that are frequently replicated in children’s playgrounds. Recent phenomena have included “Momo”, a bird-like, spooky creature telling children to harm themselves, or the “blue whale game”, a game of Simon Says via web chat that presents escalating challenges to the children that eventually leads to self-harm. Another classic method is chain letters via messenger services, which can create anxiety for children. In addressing these phenomena, many local NGOs and some international networks offer awareness campaigns as well as school and parent workshops to inform people of these phenomena (Better Internet for Kids, 2019). A key in preventing a lasting impact from such exposure is engagement from parents in contextualising what the children saw and reducing the impact of the harmful content.
Cyberbullying is not a new phenomenon; bullying has always taken place among children. The internet, however, has added a great deal of explosive potential to it, as it can now be easily escalated through digital means. While bullying in the past would stop at the doorstep, cyberbullying follows the children home through their smartphones, leaving hardly any spaces for victims to retreat to. To read more about the topic, check out our article cyberbullying!
Online safety and youth empowerment
While child protection is very much about advertising danger, this approach is limited in success due to the constant evolution of technology. In addition, teenagers quickly break out of preserving restrictions, so a different approach to ensure safety for adolescents is needed. This approach focuses more on empowerment and equipping young people with the skills to protect themselves.
Many illicit threats linger online. On the one hand, young people need to protect themselves from the malicious behaviour of others, while, on the other hand, they also need to learn how to act responsibly on the net to avoid illegal actions.
A big threat is escalating engagements with other users. People get into arguments and curse words are exchanged. If it does not stop there, the escalation might include hate speech, harassment or doxxing. Hate speech is incitement to violence against vulnerable groups. For further information, check out the following article (link). Harassment comes in various forms of insults and intimidation and can escalate to stalking behavior, in which the perpetrator digs into the online presence of the victim and follows their trails to confront them with personal information they were not likely to know. This behaviour coupled with hacking is called doxxing. Doxxing is the process of obtaining personal information and publishing it on the internet in order to intimidate someone and make them vulnerable to further attacks.
It is hard to escape this kind of behaviour, as nearly every action online leaves a traceable footprint. A first step needs to be to make young people aware of their digital footprint, as well as equip them with the means to manage it and the right attitude to deal with their information. A second step needs to be in avoiding cultivating such behaviours in young people and discouraging them from using such malicious means.
In order to teach young people about data protection, it is important to understand the ways data flows on the internet, which companies gather which data and how it interacts. Some of the biggest collectors are Facebook and Google, and the data they retain is incredibly detailed (Curran, 2018). It is also very useful to present young people with the information on how their data is used, eg. for targeted advertisement, predictive shopping or even beyond that to modify user behaviour towards a desired outcome. The predictions are dire in Shoshana Zuboff’s book The Age of Surveillance Capitalism (Zuboff, 2019).
Once young people are aware of the challenges digitisation can bring, it is important to provide them with alternatives. These can range from behavioural change such as choosing platforms that collect less information, a conscious decision on what to post and what to keep, or reducing the amount of apps on their phones, to more practical knowledge, such as setting up browser extensions, preventing tracking or using tunneling to hide their location.
When it comes to hacking, no method is foolproof but basic guidelines can decrease the likelihood of getting hacked. Safe passwords can easily be created using passphrases instead of short cryptic passcodes. As a rule of thumb, the longer the password is, the more difficult it is to decrypt. Passphrases should not be known by other people and not be reused. In order to retain passwords for many platforms, it is possible to use password safes, which store the passwords locked on the hard drive and make them available whenever needed. The password safe is itself locked by a passphrase but it reduces the amount of passphrases to remember to 1.
Last but not least, encryption can secure communication by creating password locked conversations between two people, without giving any external actors access to the conversation. However, encryption tools can be difficult to set up. Collectives such as the crypto party movement support users in this (CryptoParty, 2019), and they are dedicated to teaching digital self-defence, i.e., explaining the ways people can keep themselves safe from digital threats.
The role of youth workers and educators in data protection
Educators and youth workers need to be able to protect the personal information of their clients. GDPR sets basic standards (European Commission, 2019) that need to be upheld when professionally dealing with the personal information of others. With access to particularly sensitive information, they need to consider how to use that information responsibly by following the core principles of data protection:
- Data minimisation – no more data than necessary should be collected
- Decentralisation – information should not be combined from different sources, in order to allow clients control over who has what of their personal information
- Consent – data can only be used with the specific consent of the client for that specific purpose
In addition to the legal requirements, youth workers should also keep up with protective measures. Their genuine access to information about the private lives of young people can be exploited if they are hacked or are tricked into giving strangers access to that information. To retain young people’s confidence, they need to be able to keep secure the information they handle.