Facebook’s privacy problem
Reports surfaced this weekend about yet another Facebook-fueled abuse of privacy, this time by an outside company trying to manipulate voters on behalf of political causes and candidates — including Donald Trump in 2016. The revelations were both familiar and outrageous.
According to the Guardian and the New York Times, a Cambridge University researcher named Aleksandr Kogan produced an innocuous-looking personality testing app for Facebook whose real purpose was to identify the sorts of marketing pitches one might be susceptible to — ones that played to people’s anxieties, for example, or alternatively to their sentiments. He then gathered data not just from the roughly 270,000 people who used the app, but from tens of millions of their Facebook friends, all without the friends’ knowledge or consent, according to the news articles.
The story gets worse, however. Kogan reportedly turned over the Facebook data he had harvested to a political consulting firm, Cambridge Analytica, to help it build profiles that it could use to sway voters on a massive scale. The messages could be tailored precisely to the weaknesses of a narrow group of voters and hidden from voters with different sensibilities.
As Christopher Wylie, who worked at Cambridge Analytica from its founding until 2014, told the Guardian: “We would know what kinds of messages you would be susceptible to, and where you’re going to consume that. And then how many times do we need to touch you with that in order to change how you think about something.”
Political campaigns and commercial advertisers have long targeted their pitches; what’s different now is how the internet and platforms such as Facebook make the process easier, more effective, wider-scale and far more intrusive. Cambridge Analytica has denied using Facebook data improperly, but news reports over the weekend strongly suggest that the firm built its profiles at least in part with data Facebook users didn’t realize they were sharing with it.
Kogan insists that he, too, did nothing wrong, and that’s one of the most disturbing elements of the story. One reason he could acquire all that data about his app users’ Facebook friends, including their posts and their likes, is because Facebook opened that information to developers in 2011. The company rolled back access to information about app users’ friends in 2015, long after Kogan harvested and shared that data.
Facebook says that when it first learned about Kogan’s data sharing in 2015, it instructed his company and Cambridge Analytica to destroy the harvested data. If the news reports are true, a Facebook executive told the Guardian, “it’s a serious abuse” of the company’s rules.
That’s little comfort to the millions of people whose marketing susceptibilities have now been cataloged with Facebook’s help. And this is just the latest in a long line of privacy problems at the social network. In fact, the Federal Trade Commission entered into a consent decree with the company in 2011 over misleading or false disclosures to users about app developers’ access to data, among other issues.
Whether the consent decree will have any bearing on this latest privacy affront remains to be seen. Regardless, the fundamental problem here is that companies keep finding new and unanticipated ways to use the information people share online — including the digital bread crumbs they leave unwittingly around the web. Are you comfortable knowing that companies are scooping up your “likes,” your tweets, your status updates and your lists of friends to determine whether to offer you discounts? To decide which news items to show you? To figure out how best to sell you on a presidential candidate or a ballot measure?
The largely hands-off approach taken by regulators to date has encouraged bountiful innovation and experimentation, but it’s also reinforced an act-first, ask-forgiveness-later mentality among entrepreneurs. The only guidelines are the vaguely worded prohibitions in federal law against unfair and deceptive practices; rather than trying to adopt comprehensive guidelines, the Federal Trade Commission has handled complaints on a case-by-case basis.
It’s not enough. Internet users need some measure of control over the information they reveal online, so that they are not unwittingly helping countless unseen data brokers, aggregators and analysts find new and better ways to steer their opinions, purchases and votes. A federal bill of rights covering online data would be a good place to start. How many outrages have to surface before the tech industry and the federal government start taking privacy seriously?