Daniel J. Bujan – With over 2.2 billion active users across the world, there is no doubt that Facebook has changed the way the world connects with each other. Everyday people in every continent log on to this site and share messages, photos, and ideas. With many users spending countless hours on social media sites, such as Facebook, Instagram, and Twitter, it is no doubt that these sites can be used to collect a range of user’s personal information. Mark Zuckerberg’s brainchild has recently come under fire for the breach of 50 million of its user’s data by Cambridge Analytica, a British political consulting firm which was involved in the 2016 Trump Campaign. Reports by both The New York Times and The Observer of London claim that Cambridge “used the Facebook data to develop methods that it claimed could identify the personalities of individual American voters and influence behavior.”
This improper breach of data has led to an investigation into Facebook’s protection of user data by the Federal Trade Commission’s Bureau of Consumer Protection. Back in 2011, the FTC also investigated Facebook’s data practices. Facebook did not admit fault, but agreed to settle charges that it “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public,” among other deceptive practices. With so much of our personal information being available online, are social media platforms doing enough to make sure that our information is not being put in the hands of the wrong people?
Facebook’s, along with other social media platforms, basic economic model is user’s providing data that the website then uses to help advertisers and developers better target potential customers and users. This ad model makes it so that these companies are able to reach the most amount of people and at no cost to us, the users. But does this model work given what we now know about these risks? Look no further than to 2016, when Russian operatives used Facebook tools to target users with fake ads that reached 126 million people. The Internet Research Agency, the troll farm in St. Petersburg responsible for the ads, targeted users with strong feelings toward topics such as gun rights, political activism, and immigration. The goal of course was to influence how Americans would cast their ballots in the presidential election.
The data in the Facebook breach was collected using an app called “thisisyourdigitallife” created by Aleksandr Kogan, a Russian-American Professor at Cambridge University. Kogan created the app using a technique developed by researchers at Cambridge University’s Psychometrics Centre in which personality traits would be mapped based off of what users had liked on Facebook. Once the person had downloaded the app, the researchers would scrape private information from the user’s profile. The data collected showed reams of personal data including what user’s liked, where they lived, and who their friends were. It is now alleged that Kogan was harvesting this data for Cambridge Analyitica, which uses data mining and data analysis to help political officials gain an edge in the electoral process. At the time, these data scraping techniques were completely legal under Facebook’s security laws, and Kogan claimed to be conducting the personality quiz for academic research. Facebook claims that the harvesting was not a data breach at all but instead that Kogan “gained access to this information in a legitimate way and through the proper channels” but by then passing the information to a third party he broke the rules.
The tech giant now faces many questions including how could such a breach occur and what they are doing to make sure a breach of this magnitude does not happen in the future. If the FTC finds that Facebook failed to comply with the consent decree that it agreed to in 2011, which mandated users be notified if their data was shared beyond what the user allowed under their privacy settings, Facebook could be facing trillions of dollars in fines. Europe’s new law which takes effect on May 25th, requires that companies such as Facebook and Google be required to get user’s permission before they can use your data. Will this be a model that North America will look to guide our data security practices or will Facebook figure out how to handle these type of breaches internally? Some Facebook users have decided to take matters into their own hands and delete their accounts, attributing their desertion to privacy concerns. But with most users most likely willing to take their chances, we will likely be seeing some sort of privacy changes in the social media’s platform.
