Commentary: Shocking risks and little control - the scary things about Facebook’s outage
We use various services each day to learn about the COVID-19 situation, to get food and more. Yet the recourse we have when Facebook goes down is incredibly limited, says Benjamin Ang.
SINGAPORE: Most of us in Singapore were asleep when Facebook and its other platforms went offline through the night.
For casual users, it was a minor inconvenience, an annoyance, or even a good time to disconnect for a social media detox if taken positively.
But imagine the impact had this been during daytime here.
We know it was a harrowing six hours in time zones where businesses rely on those platforms to transact business, families rely on them for communication and countless others rely on Facebook login to access other services.
Facebook shares plummeted by 5 per cent on that same day. Some US firms have reportedly estimated their sales were impacted by 30 per cent that day.
It was nothing short of an infrastructural collapse. In the dozens of countries where Facebook is the only de facto means to access the Internet, millions of people were suddenly cut off from communications and services.
TECHNOLOGY CAN FAIL VERY FAST
This is not just about Facebook, Instagram or WhatsApp but the lessons we need to learn before a bigger outage happens.
After all, the incident most worryingly reveals how fast even the most advanced platforms can fail, despite having thousands of engineers working to get it back up.
The outage was not caused by a cyberattack or a hardware failure but human error introduced during routine maintenance.
A coding mistake shut down the company’s connection between data centres and took down the DNS (Domain Name System) servers which direct and track traffic offline, killing network access even for frontline engineers trying to fix the problem.
Keeping in mind this is a huge company with more end users (3.4 billion) than the population of many countries, and whose revenue (US$85.9 billion) is larger than many countries’ gross domestic product, the episode underscores how reliant the world is on a relatively tiny number of servers, which can be taken offline by a mere technical mistake.
What more then if an insider was planted, bribed or blackmailed to bring down Big Tech firms like Facebook to paralyse societies in an act of terror, ransom or mischief?
Listen to experts break down the changes to Whatsapp's terms and conditions and discuss the developments leading up to the point where "all hell broke loose" on CNA's Heart of the Matter podcast:
RELIANT ON RANGE OF INTERCONNECTED TECH PLATFORMS
These risks are shocking because we rarely consider how pervasive and interconnected Big Tech platforms are, and how many services we take for granted each day. The network effect such platforms offer can be a boon, but they can also be a bane.
If one or more stop working for a day or two, our lives would be enormously impacted.
We may use Facebook to log in to apps we use daily and rely on WhatsApp to communicate but it’s not just Facebook platforms.
Work-from-home during this pandemic has only been enabled because of access to emails on Microsoft Outlook, messages on Slack and video calls on Zoom.
The services we use - from food delivery, grocery deliveries, and ride-sharing apps - rely on Google Maps. Many news sites rely on Google Ads for revenue.
Millions also depend on big platforms for information about what is happening around them, because the platforms are their primary or only means of accessing the Internet.
Yet recent revelations of Facebook’s downplaying of COVID-19 vaccine misinformation, the role of Instagram in worsening teen mental health and more uncovered by the Wall Street Journal last month remind us of the costs of this reliance.
Still, because it offers economies of scale and quick authentication, Facebook platforms including Whatsapp have also become official communication channels on COVID-19.
Rollouts of authenticated, “green-ticked” accounts for business and government communications have shored up trust and allowed the use of instant, verified communications better than SMSes and calls.
Yet what would have happened if Facebook and WhatsApp had been down when the Singapore Government needed to announce new COVID-19 measures?
REGULATIONS TO PROTECT COMMUNICATION CHANNELS
Cognisant of how infocommunication technology has become an essential service, countries have thus far focused on protecting such critical infrastructure.
For example, Singapore’s Cybersecurity Strategy launched in 2016 outlines the country’s proactive stance to protect identified critical information infrastructure that provides essential services in 11 sectors (aviation, banking and finance, energy, government, healthcare, info-comms, land transport, maritime, media, security and emergency services, and water). Singapore’s Cybersecurity Act also imposes regulations on key companies to protect their systems.
Yet incidents like the Facebook outage highlight systems outside this list that do not deliver essential services but can affect Singapore significantly if “disrupted or compromised”, to use the words of the new Singapore Cybersecurity Strategy 2021 launched at Singapore International Cyber Week last week.
Tech companies have been put on notice. They know they have a duty to protect systems, avoid passing costs to society, and manage the regulatory fallout on bottom lines.
The Internet is a complex mix of engineering, governance and security. There is responsibility across the corporate, national, community and even individual levels.
We cannot leave this to any single entity because of concentration risk; we all have a part to play.
BUILDING RESILIENCE AGAINST THE NEXT OUTAGE
Still, these developments won’t slow much less stop the relentless march of the digital economy. The solution must lie in building up our resilience in such a digital failure.
Diversifying the technologies we use might seem expensive, even wasteful when we won’t use more than one main channel when they work well.
Yet these redundancies are essential back-up plans in emergencies for communicating, transacting, and working that tackles our singular reliance on any one channel. Who knows when the next outage will be and how long that can last?
When Sony was hacked in 2014, its employees resorted to fax machines, pen and paper. Some business continuity plans include email mailing lists (in case social media fails), phone lists (in case email fails), and even back-up generators (in case electricity fails). Estonia backs up national data in "data embassies" around the world.
For critical communications, especially pandemic-related ones, Singapore too needs a backup of easily verified communication systems. These could be SingPass-verified apps that enable secure and verified communications between residents and authorities, or manual solutions that do not use the Internet.
We cannot rely on only one source of water, so over the years we have built our reservoirs and treatment plants. In the same way, we cannot rely on single sources of technology. And we need to start building alternatives now.
Benjamin Ang is Education Chair of the Internet Society Singapore Chapter (ISOC SG) and Deputy Head of the Centre of Excellence for National Security at the S Rajaratnam School of International Studies at the Nanyang Technological University.