Facebook announced last week that the personal data of up to 87 million of its users may have been compromised and given to a political consulting firm called Cambridge Analytica, according to The New York Times. In addition, The Atlantic reported that “most” Facebook users have likely had their public profile information harvested by third parties.
In the wake of this news, Facebook has been the subject of public ire. Recent privacy concerns follow on the heels of other issues: last year Facebook admitted that its platform was used improperly “by Russians to buy political ads, advertisers to discriminate by race and age, hate groups to spread vile epithets, and hucksters to promote fake news on its platform,” according to The Atlantic.
Profile scraping was enabled by a design vulnerability which Facebook said until last week allowed third parties to submit “phone numbers or email addresses they already have” using the site’s search and account recovery function. While these searches were rate-limited, Facebook Chief Executive Officer Mark Zuckerberg said that “malicious actors…cycled through hundreds of thousands of IP addresses and did a relatively small number of queries for each one.”
Cambridge Analytica obtained data from Facebook users through a different method, The New York Times reported. The data firm contracted a researcher to create a personality quiz, and when some 270,000 users took the quiz, their personal data as well as data from all their Facebook friends was collected and stored. Facebook later stopped quizzes and apps from gathering data from users’ friends without their knowledge or consent.
The data involved in the Cambridge Analytica scandal was used to target political ads, according to The New York Times. The firm has connections to President Trump’s 2016 digital campaign: Cambridge Analytica is primarily owned by Robert Mercer, a right-wing donor who supported the Trump campaign. Facebook’s problems, however, began even before reports of voter profiling by Cambridge Analytica. Law enforcement and congressional committees are conducting ongoing investigations into Facebook’s role in swaying the opinions of American voters. According to The New York Times, Russian actors bought and targeted divisive political ads on Facebook. Zuckerberg initially dismissed this idea as “crazy,” but Facebook now acknowledges that its platform was misused to target voters based on their personal information.
Facebook Chief Operating Officer Sheryl Sandberg said of the Cambridge Analytica incident, “We really believed in social experiences. We really believed in protecting privacy. But we were way too idealistic. We did not think enough about the abuse cases.” Before coming to Facebook, Sandberg worked as a VP of Google. In an article for The Atlantic, Michael Jones explained the differences between the policies of Google and Facebook. He wrote that Google pays attention to what users search for in order to customize ads, but emphasized that “the user’s behavior and interest is held in secret by Google and the advertiser never has a hint of it.”
In contrast, Jones said, Facebook has created a place where they can “record what you tell your kids and spouse and friends, and use that to understand you and by extension, something about your friends.” Then, in an arrangement that has made the company wealthy, Facebook “sells access to this description to advertisers.” Jones noted that Facebook’s interactions with advertising companies is analogous to the system used by credit scoring companies because “their customers also get the report on the specific user rather than an anonymous introduction to certain users.” Unlike credit scoring companies, print ads, and television ads, however, online ads are very loosely regulated.
Recent discussion has focused on how to protect online privacy in the future. Some have suggested imposing fines for data breaches: Daniel J. Weitzner, a former White House deputy chief technology officer, says that technology should be policed by “something similar to the Department of Justice’s environmental-crimes unit,” which has levied hundreds of millions of dollars in fines.
Stricter policing of online political advertising is also in the works. Facebook recently backed proposed legislation that would require social media sites to verify the identities of people who buy ads related to political campaigns and divisive issues. However, Ann Ravel, a former commissioner at the Federal Election Commission, said that more could be done. She suggested that the FEC’s definition of political ads is too narrow, since it is limited to ads that mention a federal candidate and appear within 60 days prior to a general election or 30 days prior to a primary. This definition, Ravel said, will fail to arrest new forms of election interference, such as ads placed months before an election.
Many hope that further steps will be taken to hold Facebook accountable for activity that occurs on its platform. In the meantime, check your privacy settings and hope for the best.
Sarah is a senior double majoring in English and Biology.