In 2014, Cambridge Analytica acquired 50 million Facebook profiles from a researcher. This appears to have been among the most consequential data breaches in history, with an impact that may rival the breach of financial records from Equifax (one of the world’s largest credit agencies). There are many problematic aspects to this. It appears the information was harvested by a researcher who collected data not only on the 270,000 or so users who Facebook said took his survey, but also on their friends, who knew nothing about the survey, and then passed it to Cambridge Analytica in violation of Facebook’s terms of service. There are questions now over whether the data was destroyed. Facebook did not notify the affected users, as may be required by its 2011 consent decree with the Federal Trade Commission (FTC).
Cambridge Analytica appears to have used the profiles to develop techniques for influencing voters. The company has denied wrongdoing, saying “no data from [the researcher] was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign”. But there are questions over whether the Trump campaign appears to have gained an advantage in the election from the data. News reports contradict Cambridge Analytica’s chief executive, who said the company did not have Facebook data. Facebook waited for more than two years after they discovered the breach before suspending Cambridge Analytica from its platform. The New York Times reported that at least some of the data is still available on the internet.
Cambridge Analytica has denied inappropriate use of Facebook user profiles, but a former employee who is now a whistle-blower has emphatically contradicted that claim.
Facebook now has 2.1 billion active users, 1.4 billion of whom use the site every day. As a social networking platform, it enables people to share ideas, photos and life events with friends, which collectively gives Facebook the highest-resolution image of every user of any media company, with an emphasis on emotions. For advertisers, Facebook is exceptional for its ability to target more than half of all the people in every developed market and the power it gives to advertisers. On Facebook, advertisers can buy the equivalent of the Super Bowl audience — or any other audience — any day of the year.
Five years ago, researchers hypothesised that Facebook algorithms could be used to predict things like product and political preferences from just a handful of “likes”. Those researchers were concerned about the privacy implications, in part because the default Facebook setting for likes was “public”.
Harvesting user-profile data
Cambridge Analytica thought it could transform US politics by exploiting that insight. With the 2016 election cycle fast approaching, Cambridge Analytica did not have time to create its own custom profiles. So it went to researcher Aleksandr Kogan, who created a Facebook app that paid users to take a personality test. There were problems with this arrangement, though. First, Kogan did not have permission from Facebook to use the data he had gathered for commercial purposes, which best characterises his Cambridge Analytica relationship. Second, the app not only harvested user-profile data — which could be compared with the results of the personality test — but also the user profile data of each test taker’s friends, none of whom were notified.
Was any of this illegal? Facebook may be liable for a data breach, which may create legal problems under US laws. The attorney general of Massachusetts has announced an investigation. Cambridge Analytica may face charges that it broke US election laws by employing people who were neither US citizens nor green card holders on a US presidential election campaign. Both may be subject to action by the FTC. Or perhaps not.
We live in a world of big data, where companies get rich off our personal information with few constraints and almost no supervision. Companies offer us free applications that are convenient, useful and fun in exchange for perpetual rights to the data they can harvest from our actions online (and sometimes offline).
The big data companies are opaque to consumers and regulators alike, so few people understand the risks and companies can often hide data breaches for a long time. Law provides very little privacy protection, leaving consumers with little or no recourse when they are harmed.
It is past time that the we recognise that data is too important to be unregulated. Will Facebook face consequences for the data it lost to Cambridge Analytica? Will Cambridge Analytica be held to account?
— Guardian News & Media Ltd
Roger McNamee was an early investor in Facebook and a mentor to founder Mark Zuckerberg. Sandy Parakilas was an operations manager at Facebook, responsible for privacy and policy issues on Facebook Platform.
