While Mark Zuckerberg tells us that the job of making Facebook secure is a “never-ending battle,” security issues—especially since 9/11—have been mirrored between the battlefields in the Middle East and the realm of social media. Now the language of protection makes as much sense when hearing about homeland security as it does when listening to Zuckerberg testify before Congress, as he did recently.

In studying various breaches of private data over the years, one common factor that emerges among many of these wide-ranging incidents is that they occurred because of human error. For instance, take the 2007 HM Revenue & Customs data breach, the largest in the United Kingdom’s history, in which two CDs containing the records of approximately 25 million child-benefit claimants—corresponding to every child in the U.K.—went missing in the mail. This benefit (common in the U.K., Canada and most European Union countries) is paid to everyone who has a child, irrespective of wealth. The error was chalked up to poorly trained employees. Last May, a massive security breach hit Equifax, one of the largest credit bureaus in the United States. That attack, in which 145.5 million consumers’ private information was hacked, was discovered more than two months after it happened. The Equifax hack, too, was chalked up to “human error and technology failures” and led to a congressional hearing in October.

So it came as a surprise when Zuckerberg revealed on April 11 that Facebook collects approximately 29,000 points of data on each of its users, in addition to the “detailed profiles on people who have never signed up for Facebook.” This means that information is collected on people regardless of their consent or location. And the bigger picture becomes clearer when we understand the interstitial interactions taking place between corporations and governments, especially in light of the recent developments with Cambridge Analytica (an offshoot of the SCL Group) and Facebook.

This story is not simply about how, in the summer of 2014, University of Cambridge quantitative psychologist Dr. Aleksandr Kogan, using a Facebook-hosted personality quiz named “This is my digital life” (also “thisismydigitallife”), was able to access the Facebook profiles of all 270,000 people who took the quiz and pass on their data to SCL/Cambridge Analytica. The reality is far more sinister. As we are now learning, the 2014 harvesting of the original data set by Kogan’s Global Science Research occurred when the application programming interface was far more porous than today. The data that was scraped afforded access to a total of 87 million Facebook users.

This information was then integrated with other data sets to build the profiles of somewhere between 30 million and 50 million U.S. voters. And it gets worse, as Paul Grewal, vice president and deputy general counsel of Facebook, detailed on March 16, saying that SCL/Cambridge Analytica is “a firm that does political, government and military work around the globe.”

You do the math.

In states such the U.K., where the Investigatory Powers Act (IPA), also known as the Snooper’s Charter, has been in effect since 2017, the government has been granted enormous surveillance powers. As stipulated by the IPA, internet companies must now keep customers’ web traffic history for 12 months. The IPA also authorizes spying agencies and the police to conduct the mass hacking of personal computers, smartphones, information technology infrastructures and any electronic device. This legislation also includes the ability to intercept or unlock any software protocol that acts as a form of encryption or data protection and to intercept computer systems like computerized maintenance management system to include other preventative maintenance software. In effect, the IPA allows the British state to monitor, intercept, record and even hack internet communications, granting it sweeping powers to carry out mass digital surveillance, including “bulk hacking,” which enables police and state agencies to access and alter all types of electronic devices “on an industrial scale” even if the owners of these devices are not suspected of a crime. Some firms are even cashing in on the IPA and agencies such as the FBI, which have attempted to access such electronic devices as “GrayKey,” a new software rolled out by Grayshift to meet the needs of governments, not coincidentally headed by former U.S. intelligence agency contractors and a former Apple security engineer. All in all, the IPA is what whistleblower Edward Snowden called “the most extreme surveillance in the history of Western democracy.”

Other European countries, including Switzerland, Belgium and the Netherlands, have adopted the IPA framework. Just last month in the Netherlands, a consultative referendum over the Intelligence and Security Services Act of 2017, also known as Sleepwet, was held along with the municipal elections. This act is similar to the U.K.’s Investigatory Powers Act, as it also expands the government’s powers to monitor all data that moves through the country’s internet infrastructure.

As a result of the referendum, Sleepwet will be amended to ensure that data is not random and is more targeted. In addition, the retention period of collected data will be shortened from three years to one year. In practice, this means that after each year, the question of whether any information found will be retained for a longer period of time will be revisited. Sleepwet has left many Dutch citizens nervous about their privacy and the possibility of bulk acquisition warrants being utilized in the near future.

What is important to remember in the recent Cambridge Analytica scandal is that this episode shows the dangers of how privacy can be invaded, information sold, laws manipulated and citizens deceived. It is also not insignificant that the George W. Bush and Barack Obama administrations created legislation that paved the way for companies to follow suit with their own approaches to citizens’ privacy. It’s not just the National Security Agency, but an unspoken alliance of corporations and governments that underwrite the mass surveillance of our society today.

I spoke with Silkie Carlo, director of Big Brother Watch in London, who elaborates on the interconnectivity between government and corporate surveillance, noting how the Cambridge Analytica scandal was triggered by “electoral influencing using targeted advertising” and has resulted in governments encouraging Facebook to apply more state-directed controls on its platform. Carlo believes that the more effective solution would be a “straightforward ban on targeted digital advertising … followed by the recovery of basic privacy norms both in relation to the private and public sectors.”

Noting the wide-ranging dangers posed by the combination of private industry and government surveillance, Carlo contends that social media platforms and data aggregators are posing new challenges, even redefining the terms of privacy, and that social media platforms are often “at the behest of governments.” Carlo urges that “we mustn’t ignore the fact that many Western governments are involved in a kind of neocolonial digital influencing in target states across the world, and in fact the SCL Group is a military contractor to the U.K. and NATO countries.” He concludes: “If we are serious about dealing with this problem, it is absolutely vital that we look at the bigger picture.”

The April 14 missile strikes on Syria by allied forces from the U.S., U.K. and France demonstrate precisely these links Carlo elucidated days earlier. SCL Group, self-billed as offering “data, analytics and strategy to governments and military organizations worldwide,” was paid $210,000 for the “Procurement of Target Audience Analysis” and for training in 2014-2015 by the Ministry of Defense. Sir Geoffrey Pattie, a former Conservative member of Parliament and the defense minister from Margaret Thatcher’s government, is president of SCL and co-founder of Terrington Management, which counts among its clients BAE Systems and Lockheed Martin. To boot, Philip May, Theresa May’s husband, works for Capital Group—the largest shareholder in the arms manufacturer BAE Systems, whose stock has soared since the strike on Syria.

The situation is not any better in the United States. Josh Weerasinghe, who was vice president of global market development at BAE Systems from 2012 to 2016, worked with Michael Flynn in his former position at the Office of the Director of National Intelligence, and Flynn also has played an advisory role with Cambridge Analytica since 2016. What’s more, SCL holds a $500,000 contract with the U.S. State Department.

SCL Group, Cambridge Analytica’s parent company, is a military contractor that has had access to secret information within the U.K.’s Ministry of Defense and the U.S. State Department while mining private citizens’ data. The conflicts of interest are as horrifying as the threats to democracy painfully evident. It’s a no-brainer. This has to stop now.