Our main story this week is Facebook and privacy. It goes together like California and cancer: we’re not sure if it causes cancer but we are going to hedge our bet it does. So, there you are. In our last episode of The Lazy Geeks Podcast, we discussed report of Cambridge Analytica had gained access to 50 million Facebook profiles. This allowed the company to data mine users personal information for a company that had links to the Trump Presidential Campaign and the Brexit movement in the UK.
So What Happened?
A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser, the dark knight himself, Steve Bannon – used personal information taken without authorization in early 2014 to build a system that could profile individual US voters, in order to target them with personalized political advertisements, according to The Guardian.
“We exploited Facebook to harvest millions of people’s profiles,” Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer. “And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”
The data was collected through an app called thisisyourdigitallife, built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use. It is moments like this that makes me wonder why companies would opt for Facebook profiles when they can get some real dirt using something like PornHub?
However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions-strong. So think about that when you see that Facebook quiz about what Harry Potter house you should belong to or what color lightsaber should you have. Facebook’s “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it being sold on or used for advertising. The discovery of the unprecedented data harvesting, and the use to which it was put, raises urgent new questions about Facebook’s role in targeting voters in the US presidential election. It comes only weeks after indictments of 13 Russians by the special counsel Robert Mueller which stated they had used the platform to perpetrate “information warfare” against the US.
This Has A Global Impact
Cambridge Analytica and Facebook are one focus of an inquiry into data and politics by the British Information Commissioner’s Office. Separately, the Electoral Commission is also investigating what role Cambridge Analytica played in the EU referendum.
“We are investigating the circumstances in which Facebook data may have been illegally acquired and used,” said the information commissioner Elizabeth Denham. “It’s part of our ongoing investigation into the use of data analytics for political purposes which was launched to consider how political parties and campaigns, data analytics companies and social media platforms in the UK are using and nalyzing people’s personal information to micro-target voters.”
Facebook denies that the harvesting of tens of millions of profiles by GSR and Cambridge Analytica was a data breach. It said in a statement that Kogan “gained access to this information in a legitimate way and through the proper channels” but “did not subsequently abide by our rules” because he passed the information on to third parties. Because no company wants to appear weak on their security measures, they would simply believe that appearing inept is the better to the two opinions.
Facebook said it removed the app in 2015 and required certification from everyone with copies that the data had been destroyed, although the letter to Wylie did not arrive until the second half of 2016. “We are committed to vigorously enforcing our policies to protect people’s information. We will take whatever steps are required to see that this happens,” Paul Grewal, Facebook’s vice-president, said in a statement. The company is now investigating reports that not all data had been deleted.
Why Is It Not Going Away?
While this is making headlines, mostly due to its connection to President Donald Trump and the belief that he won the election fraudulently, Facebook has always been known for its shady practices in regards to users personal information. Within the same week the Cambridge Analytica news broke, it was revealed that Facebook has been using personal information from users phones and SMS (i.e. text messages) from Android phones.
Now, for the most part, people knew they were gathering this information for years. However, after the Cambridge Analytica scandal broke, Facebook began offering its users the ability to download their data information. Essentially, you can see, first hand, just how much data Facebook has on you.
“Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year,” says Twitter user Mat Johnson, according to The Verge. Another, Dylan McKay, says “somehow it has my entire call history with my partner’s mum.” Others have found a similar pattern where it appears close contacts, like family members, are the only ones tracked in Facebook’s call records.
Facebook Has Collected All Sort of Info
Ars Technica reports that Facebook has been requesting access to contacts, SMS data, and call history on Android devices to improve its friend recommendation algorithm and distinguish between business contacts and your true personal friendships. Facebook appears to be gathering this data through its Messenger application, which often prompts Android users to take over as the default SMS client. Facebook has, at least recently, been offering an opt-in prompt that prods users with a big blue button to “continuously upload” contact data, including call and text history. It’s not clear when this prompt started appearing in relation to the historical data gathering, and whether it has simply been opt-in the whole time. Either way, it’s clearly alarmed some who have found call history data stored on Facebook’s servers.
While the recent prompts make it clear, Ars Technica points out the troubling aspect that Facebook has been doing this for years, during a time when Android permissions were a lot less strict. Google changed Android permissions to make them more clear and granular, but developers could bypass this and continue accessing call and SMS data until Google deprecated the old Android API in October. It’s not yet clear if these prompts have been in place in the past.
Facebook has responded to the findings, but the company appears to suggest it’s normal for apps to access your phone call history when you upload contacts to social apps. “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with,” says a Facebook spokesperson, in response to a query from Ars Technica. “So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”
The same call record and SMS data collection has not yet been discovered on iOS devices. While Apple does allow some specialist apps to access this data in limited ways like blocking spam calls or texts, these apps have to be specifically enabled through a process that’s similar to enabling third-party keyboards. The majority of iOS apps cannot access call history or SMS messages, and Facebook’s iOS app is not able to capture this data on an iPhone.
Facebook may need to answer some additional questions on this data collection, especially around when it started and whether Android users truly understood what data they were allowing Facebook to collect when they agreed to enable phone and SMS access in an Android permissions dialogue box or Facebook’s own prompt.
Since the revelation, companies and celebrities are leaving Facebook. When I say celebrities, they are mostly people that have a small cult following like Cher and Will Farrell. Commerzbank, Germany’s second-largest bank pulled its advertising, as did Mozilla, Pep Boys, Playboy, and Sonos. SpaceX and Tesla deleted their Facebook pages. Even Snapchat took on Facebook on April Fools’ Day by offering a Facebook filter that turned your picture with a Facebook filter that’s designed to recreate Russian bots liking your posts. The filter places a Facebook UI around your photo with Cyrillic script-like text, and even includes likes from “your mum” and “a bot.”
For decades, Facebook has been known to mine user information and use it to promote their brand. In recent years, Facebook itself have been struggling to remain relevant. While this revelation would have fallen away after a day or two, it is lingering due to its connection to Steve Bannon and Donald Trump. Whether this changes the way Facebook collects information remains to be seen.
However, as each generation is born into social media, concerns about their privacy decreases. Everything goes on Snapchat, Twitter, Instagram, YouTube, and maybe Facebook. While conservatives like to think that monopolies spur innovation, it is scandals that do. With Facebook against the wall, this is the time for new social media start-ups should make their services known. As we said last week, it is not those mythical bots that are a danger, it is the people.