We’ve been promised by Google, Facebook, and other social sites that our personal information is protected and that when some of our information is provided to third parties, our identity will never be made known. But now we have an example of just how disingenuous those promises are.
Facebook has just suspended Strategic Communication Laboratories (SCL) and Cambridge Analytica for violating its privacy policies. These companies worked with President Trump’s 2016 campaign, using Facebook and other social media to target ads at voters much more effectively than the Clinton campaign. Cambridge Analytica, which is owned by hedge fund billionaire Robert Mercer, has been using Facebook as a tool to build psychological profiles that represent some 230 million adult Americans and is being accused by Facebook of revealing the private information of users to third-party data harvesters.
While these companies utilized the tools that Facebook created for their advertisers to do much the same targeting, they are accused of going further and violating Facebook’s terms of service.
Facebook Deputy General Counsel Paul Grewal explained that SCL worked with Aleksandr Kogan, a psychology professor at the University of Cambridge, who developed “Thisisyourdigitallife,” an app that enticed Facebook users to reveal more about their personalities.
According to the New York Times, questions like these were asked: “Do you panic easily? Do you often feel blue? Do you have a sharp tongue? Do you get chores done right away? Do you believe in the importance of art?”
“If ever you’ve answered questions like these on one of the free personality quizzes floating around Facebook, you’ll have learned what’s known as your Ocean score: How you rate according to the big five psychological traits of Openness, Conscientiousness, Extraversion, Agreeableness and Neuroticism,” the Times explained.
More than a quarter of a million Facebook users downloaded the app and logged in through Facebook, which gave Kogan personal information, including where they lived, their likes and dislikes, and information about their friends. Kogan, in turn, provided the personal information to a data harvesting company, Eunoia Technologies, in violation of Facebook rules that forbid app developers from sharing users’ personal information. This data was then shared with SCL/Cambridge Analytica to target Facebook users during the election campaign.
When Facebook discovered the violation of their policy, they asked Kogan to verify that the personal data he collected was destroyed and simply took him at his word that it was.
Facebook just learned that, in fact, the data was not deleted as requested, and so they suspended SCL/Cambridge Analytica, Wylie, an intermediary, and Kogan from Facebook, pending further investigation.
Cambridge Analytica released a statement claiming that it deleted all of its data after learning that Global Science Research did not comply with Facebook’s terms of service and that it is working with the social media company to “resolve this matter as quickly as possible”
In a statement Facebook explained how they “protect” users:
Now all apps requesting detailed user information go through our App Review process, which requires developers to justify the data they’re looking to collect and how they’re going to use it – before they’re allowed to even ask people for it.
In 2014, after hearing feedback from the Facebook community, we made an update to ensure that each person decides what information they want to share about themselves, including their friend list. This is just one of the many ways we give people the tools to control their experience. Before you decide to use an app, you can review the permissions the developer is requesting and choose which information to share. You can manage or revoke those permissions at any time.
So, what Facebook says is that they protect us by (1) requiring us to read the many pages of legalese for each app, and (2) simply asking the app makers to abide by their policy and take them at their word.
This proves once more that Facebook is naïve, easily taken advantage of, and totally irresponsible with the information they collect.
Furthermore, it shows just how ineffective Facebook has been at protecting personal information. They’ve created a product that, by its very nature, allows others to access our information easily and effectively, and provides all of the tools to target us with specific messages based on our personal information. It seems to me that the only way to prevent Facebook from continually being gamed is for it to shut down or completely reinvent itself.
Update March 17, 8:34 p.m. Eastern: Facebook updated their statement to include a denial that a data breach occurred:
The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.