Desk of the CEO: Facebook & Google Must Choose Life or Death by Regulation

Social media and web platforms have given people the power to create and share ideas instantly, build community and bring the world closer together. They have been at the seat of democratization efforts and revolutions around the globe. In short, they have, and will continue to shape our global human networks.

However, the openness and vast scale of these platforms have created a new vehicle for people to exploit them for their own nefarious means. Hacktivists, cybercriminals, election meddlers and purveyors of less-than-accurate news have taken to these newly connected platforms in droves, undermining the rich community that has been built. It has come crashing to the forefront of our awareness in 2016, again in 2017, and now in 2018.

Attackers can still create a fake account or website in minutes to leverage user trust and attack with incredibly high success rates. It’s not just the content attackers post; security is dictated by the fundamental fabric of the platform -- how users interact, how profiles are built, and how data is shared and protected. And from an economic perspective, when the cost of an attack is low and its success high, the demand will only increase. It only costs $.09 to buy a validated social media account on the grey market and buying a user’s personal login data costs less than a sandwich.

These security challenges impact individual users, businesses and governments alike. Individuals deal with biased and deceptive information, their accounts are constantly at risk of being hacked, and they are victims of fraud and scams. Businesses struggle to protect their brand from impersonations, their customer experience from fraudulent services and products, and their overall security from targeted phishing and malware attacks. Government actors are using social networks as the foundation for cyberwar. Many organizations, including the Department of Defense, HBO, the Associated Press, Deloitte, and Vevo, have been directly attacked on social media.

Put simply, these social media and web platforms have grown beyond the companies that operate them, and there are few historical playbooks to mimic. It will require an industry-wide effort to fully address these unforeseen, unprecedented security challenges.

To be the masters of their own destiny, and to avoid having outside regulations imposed on how they operate, the bearers of community trust must set the tone for how they handle the protection of their users. Peers in parallel industries that have been heavily regulated in prior years are already driving the governments of the world to come regulate the industry. The security community’s ethos is based on protecting users across technology devices, platforms, and applications including social media and web platforms. The most direct way to build a trusted, collaborative and fundamentally secure platform is to let the community of security experts help draw the map for these uncharted waters. Transparency builds trust; trust is the foundation for security.

The model has already been proven. Historically, technology and communication platforms have realized gains through enlisting external partners to help with security. Microsoft and Apple both invited vetted vendors to deeply integrate with their technology to provide strong security for the users of their devices and software. These vendors are specialized and the market-leading juggernauts; security is in their DNA. This collaborative relationship between platform and security provider is made possible by an open model in which 3rd parties can leverage comprehensive integrations. These security providers dedicate 100% of their resources to the security of the fundamental fabric of the platform and its users.

Outsiders looking in will never be able to fully appreciate the problems that are facing the largest social and web platforms today. However, these problems will only become exacerbated if new counterproductive regulation -- possibly written by unsympathetic government agencies -- is added on top of the other existing and growing list of challenges. Future regulation will impede these platforms’ ability to quickly innovate and address the problem at its root.

The world’s top innovators and platforms have the opportunity to quickly come together to show how technology leaders can define best practices, leverage the power of an open security, academic and public sector community, and fight this battle as a team. Alternatively, if they choose the lonely one-lane-wide Silicon Valley road traveled often, then I would expect governments to stymie their data business model and billions could erode in advertising revenue over the next few years due to increased privacy regulation.