Over the weekend, the Internet exploded with new information regarding the latest Facebook data breach. The news broke that Cambridge Analytica (CA), a data firm associated with Donald Trump’s election campaign, has managed to extract data about 50 million Facebook users. Once again, we became witnesses to the fragility of our personal information.
In all honesty, this wasn’t the first time that Cambridge Analytica was mention in the press. Respectable publications have been warning us about this company and the way it uses very sensitive data. For example, there’s a 2015 Guardian article, and an often-mentioned 2016 article published by Das Magazin. From this point of view, it’s easy to say that should have known this situation was coming. In fact, the specific number of 50 million users isn’t new. People from Cambridge Analytica were bragging about this achievement since 2014, at least. So, what’s happening and why the latest Facebook data breach is a big deal? Continue reading as we’ll explore different aspects of this situation.
The Facebook Data Breach Wasn’t a Hack
Almost every single day, we can hear about malware like Dark Caracal, for example. These are ominous lines of code that have the power to take over large systems and endanger our passwords and private files. However, this wasn’t the case here. Facebook wasn’t attacked nor your password was stolen. The big reason why this story is so big is due to the fact that Facebook purposely gives permission to Cambridge Analytica to exploit your data, without you even being aware of that. Not only that, the company took data from all your friends and associated Facebook pages. And this all happened thanks to a loophole in Facebook’s API.
What Happened: The History of Misconduct
To help you understand this whole situation a bit better, let’s start from the beginning. You will be surprised to know that Cambridge Analytica has a rich history of misconduct. In fact, articles published by Das Magazine and the Guardian were only scratching a surface.
Back in 2007, Cambridge psychology student, David Stillwell was doing his Ph.D. about the process of decision-making. He wanted to bring in as much data as possible, which is why he turned to Facebook. Actually, he launched a mobile app called myPersonality. Even though this should have been a small project, millions of Facebook users had downloaded it within a year. It’s also worth noting that by 2015, around 7.5 million users of Facebook have downloaded the app, signed in using their Facebook accounts, and unwillingly submitted their personal data.
Stillwell and Michal Kosinski, a fellow student at Cambridge’s Psychometric Centre, soon realized that their myPersonality project could be used for more serious projects. In 2012, they began publishing their research. Unsurprisingly, this generated a lot of interest from Facebook. All of a sudden, this company became aware of the potential for this kind of analysis and implementation. As Kosinski told Das Magazin, he was approached with both ‘the threat of a lawsuit and a job offer’.
It was at this point when Stillwell and Kosinski were approached by Christopher Wylie, who worked at a company called Strategic Communication Laboratories (SCL). The man said that SCL is a data analytics company working with governments all around the world. Being wary of this description, Stillwell and Kosinski declined the offer. However, the ominous company found another way by employing another researcher at Cambridge, named Aleksandr Kogan.
Not long after, Kogan mirrored the myPersonality application and come up with another app named ‘thisisyourdigitallife’. During the height of its popularity, the application gained 270,000 users. You might think this is a small number for any application, however, that’s not the case here. The application was able to pull data exponentially. This means that the application didn’t only read your data but your friends’ data as well. This is why the total number of affected individuals was around 50 million in the end.
Thanks to this success, Kogan managed to market that data to SCL. This is how a new company was founded in the USA, named Cambridge Analytica. Longtime SCL director Alexander Nix was named its SEO, and several Republican hedge fund managers were brought into CA. In 2015, the Guardian reported that Cambridge Analytica received $2.5 million from its Republican investors.
The first major assignment for Cambridge Analytica was the Brexit “Leave.EU” campaign. After that, the company went on to work on the Trump presidential campaign. A year later, Alexander Nix bragged at the Concordia Summit in New York that CA has ‘profiled the personality of every adult in the United States of America – nearly 220 million people’.
At the end of 2016, a viral article published by Das Magazin appeared online. Journalists from this magazine managed to put together all the pieces and raise the alarm. Subsequently, the US House Intelligence Committee questioned Nix – however, that was about Hillary Clinton’s emails. Needless to say, Nix was receiving a lot of protection from its Republican investors.
Troubles for Facebook: Battling the Press
You might be wondering if Facebook knew that users were exploited. As reported by the Guardian, the company was aware of that back in 2015. The company managed to respond by updating its API. Thanks to there improvements, third-party developers were no longer able to extract information from your list of friends. Additionally, Facebook approached Cambridge Analytica and demanded from the company to destroy all remnants of the data set. As we know now, this never happened. Even today, Cambridge Analytica has all the data it collected over the years.
It is also interesting to note that Facebook never approached CA again. In the wake of the latest Facebook data breach, the company has suspended CA’s Facebook account along with accounts of CA’s original researchers, Kogan and Wylie. Also, Facebook has scheduled an internal meeting with employees to explain what happened with CA and to answer questions about the latest breach. Still, this didn't stop Facebook from getting sued by shareholder companies.
As it’s clear now, the privacy of your personal data isn’t of the utmost importance for Facebook. In fact, the company thrives on selling that data to third parties. We are sure that Facebook will take action now. However, that will happen only due to the spread of the new information on a massive scale. In other words, this will most probably be a PR stunt aimed at people willing to suspend their accounts.
The Main Problem with The Facebook Data Breach
The main problem here is that Facebook wasn’t hacked. In other words, no one stole your personal information from this company. It’s just how the whole system is designed, and CA managed to take advantage of that system and create detailed profiles for 50 million individuals.
Another problem is that no one involved in the development and deployment of this technology stopped to rethink their approach. The original creators of this project, Kosinski, Stillwell, and the rest of their research team were caught by surprise. They didn’t anticipate to collect so much data, and they did nothing to stop the data from being manipulated and exploited by companies such as Cambridge Analytica.
When it comes to Facebook, the company’s stance is that Kogan, representing his app, lied and stated the data would be used for academic research. However, as the New York Times reports, Facebook never actually verified Kogan’s claim. This can make all of us wonder how many apps stole data before 2015, and in what ways those third-parties used that data.
What Will Happen Next?
One thing is sure – that latest Facebook data breach won’t go unnoticed. Numerous lawmakers have already called on Zuckerberg, Facebook CEO, to explain his company’s actions.
Amy Klobuchar, a Democrat who serves on the Senate Judiciary Committee, said that Zuckerberg needs to testify. She also added that the whole situation needs to be investigated as well as that it’s clear that social media networks can’t police themselves.
In the UK, the Information Commissioner’s Office is trying to obtain a warrant to search the offices of Cambridge Analytica in London. Previously, Facebook said that CA has agreed to a digital forensic audit of its servers and systems. However, auditors hired by the social media giant visited CA’s offices on Monday evening but stood down at the request of the Information Commissioner’s Office.
Every single user of every social media network should stop for a moment and think about their actions. The Facebook data breach is actually a microcosm of a problem that affects each one of us. Are we really safe on the Web, and is it that easy for companies to trade our personal details? Is it really possible that all these effects end up yielding a botched election or affect other essential aspects of our everyday life?
As we keep on waiting for answers from Facebook, we only wonder the full extent of online data manipulation. Make sure to tell us your thoughts in the comments section below.