Anatomy of a Modern Data Breach: The Facebook – Cambridge Analytica Scandal

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

cambridge-analytica-the-power-of0big-data-in-the-electoral-processNow that much of the dust has settled on Cambridge Analytica‘s misuse of Facebook users data the sad story can now be told.

It is critical to note upfront that Facebook was not hacked and that the information that was misused was provided voluntarily by Facebook Users.  The only breach was a breach of misplaced trust.

Timeline of the Facebook / Cambridge Analytica Scandal:

  1. January 2015:  Cambridge University’s Professor Alexander Krogan created ‘ThisIsYourDigitalLife’ personality survey app on Facebook, under his company “Global Science Research”
    • facebook-cambridge-anaytica-kogan-nix-bannon-mercer-connections-theguardian270,000 people responded and at the time it was possible for users of that app to provide limited information on their ‘friends’, if those ‘friends’ Facebook privacy settings allowed it
    • Including the ‘Friends’ moves the number of people that had some limited information sent to the ‘research’ company to about 50 Million
    • Professor Kogan has serious ties to the Russian government
      .
  2. April 2015: Facebook changed their software to make it impossible for users to share any of their ‘friends’ information
    .
  3. April 2015: Facebook found out that the data from this app had been given to Cambridge Analytica and to Christopher Wylie of Eunioa Technology
    • That is breach of Facebooks ‘terms of use’ so they removed the app from Facebook and demanded the data be deleted
    • Facebook received assurances from Kogan, Eunioa and Cambridge Analytica that the data had been destroyed
      • It had not been destroyed
        .
  4. Early March 2018 – Christopher Wylie tells Facebook and The Guardian newspaper group that he and others used the data from “ThisIsYourDigitalLife” to develop algorithms to micro-target individuals
  5. Mid March 2018: Facebook found out that the data had not been destroyed and suspended the accounts of Wylie, Kogan, Eunioa and Cambridge Analytica
    .
  6. Mid March 2018: Many news sources inaccurately infer that Trump campaign used questionably sourced data to manipulate and divide US citizens and the whole issue moves into a full blown scandal

Key Facts about the Facebook / Cambridge Analytica Scandal:

  1. The original app data was volunteered, legally collected and did even breach Facebooks terms of use
  2. The data was used to figure out HOW to target people, using data that would be collected during the 2016 US Presidential Election campaign most likely legally and voluntarily

As much as we question Trump’s competence, we must all stick to the facts and not go off on flights of fancy that fit our political narratives.   As is often the case, we are all easily distracted by the loudest voice in the room so we miss the key point.

What we should all be concerned about is that so many people volunteer details of our personal lives and beliefs.  That is the problem here.

Is There A Role For Government In The Facebook / Cambridge Analytica Scandal?

Governments should keep the pressure on social media firms to keep our data secure and private by tweaking existing laws to meet today’s issues, because that data can be so easily used for nefarious purposes.

Many are saying that governments should pass new laws requiring people to be notified and possibly even approve the transfer of their data from one company to another, but in the real world, that just isn’t meaningful.  The role of Government is to provide a level playing field for all of us to flourish; not to over-regulate and stifle innovation.  We expect there will be new regulation as a direct result of this misuse of data but we also expect it will have little practical impact:

  1. There are already many laws on the books the effectively regulate the handling of personal data, from PIPA and PIPEDA in Canada to the new GDPR in Europe.
  2. Nearly all “end user agreements” say that the data you provide a company can be shared with or even sold to other partner firms so the contract you agreed to will eliminate most government oversight.

The video below provides an overview of the regulatory bodies that are looking into the Facebook scandal.


facebook-scandal-stock-price-drop

It is said that ‘The best disinfectant is sunlight’ and we believe that is the case here.  Clearly the information used was misused and the fallout for all involved is serious.  Today Cambridge Analytica’s CEO was fired because THIS VIDEO came to light and Facebook’s stock has dropped nearly $41 billion dollars in value.  This is a full blown crisis of confidence and these (and all companies) will make changes.

Beyond all of the regulation, by now everyone should know that Online Privacy is an oxymoron and volunteering private information is a bad idea.  As the old saying goes, ‘You can’t regulate stupidity”.  Although in this case, it appears to be more naivete than stupidity.  You have to ask, What did the people who took that ‘survey’ think was going to happen with the data?

.

Comments

  1. Peter Tindall March 24, 2018 at 3:34 pm

    I think it is important to remember that if you are a Facebook user you are NOT their customer. You are Facebook’s product. They sell you to make money so it is wise to be careful about what you share online.

Leave a Reply