In an explosive revelation this week, data firm Cambridge Analytica has been accused of using personal information collected from 50 million Facebook users without their consent. It is alleged that the London-based company used the data to sway public sentiment in support of their political and social agendas.
Two of the most significant events allegedly influenced in this way are the election of US President Donald Trump and the Brexit vote on Britain exiting the European Union.
Unauthorised data acquisition & sharing
How was the user data originally acquired?
In 2013, a Cambridge psychology researcher called Aleksandr Kogan created a personality quiz app for Facebook. Users who signed up were paid to participate by taking the online psychological test.
However, the app not only gathered information from the 270 000 users that installed it, but also accessed and acquired the data of the participants’ Facebook friends without user knowledge or consent.
How did Cambridge Analytica get the data?
Kogan allegedly supplied the collective information to Cambridge Analytica, in violation of Facebook policies. In addition to the unauthorised gathering and misuse of data being unethical, such acts are illegal in many countries.
What was Facebook’s reaction to the unauthorised use of data?
Once Facebook was made aware of the unauthorised acquisition, transference and use of the data, they took action against the offending parties. Kogan’s app was immediately banned from the platform. He was ordered to delete all records of the data – including those sent to third-party entities such as Cambridge Analytica – and furnish proof of the data destruction. Facebook received formal certifications from both Kogan and Cambridge Analytica confirming that all collected information was destroyed. They also changed the platform to limit further unauthorised access to data.
Cambridge Analytica Scandal:
Unethical misuse of data
What was Facebook’s response to the revelation of data misuse by Cambridge Analytica?
Facebook has come under severe fire for the unauthorised use of the user data obtained via their platform. Their initial response was defensive, with one senior executive stating that “no systems were infiltrated, no passwords stolen or hacked”. Facebook claimed that the improper use of data did not constitute a “breach” on their part. They asserted that they were deceived by both Kogan and Cambridge Analytica (recent events indicate that, despite the certifications given to Facebook by these parties, the data had not been deleted).
However, CEO Mark Zuckerberg later admitted that not investigating further in 2015 was a mistake, one that he deeply regrets. Holding himself accountable to the platform users, he said:
“I started Facebook, and at the end of the day I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”
Full statement by Mark Zuckerberg:
I want to share an update on the Cambridge Analytica situation — including the steps we've already taken and our next…
What steps are being taken by Facebook to ensure the security of user data?
Facebook has outlined a multi-faceted approach to user data security that includes: limiting data access, auditing and managing developer activity, protecting against data misuse by third parties and promoting increased user management of apps.
Some of the initial adjustments by Facebook are listed below, with the social media giant expected to reveal additional changes over the next few weeks. Current measures being taken by the Facebook team include:
Auditing and review:
- Review of apps that had access to data prior to the 2014 platform change (which restricted access to data)
- Conducting of thorough audits of all apps and services that have access to user data
- Banning of any party displaying irregular or questionable activity
- Banning of any developer that does not agree to an audit
- Should apps be banned due to misuse of data or policy non-compliance, all users of that app will be notified accordingly
- Encouraging users to report inappropriate or prohibited use of data by developers by rewarding people who identify such behaviour
Restricted access to data:
- The scope of access to data in general by developers will be restricted to protect users.
- Login data will be limited to name, profile photo and email address
- App sign in information will be limited to name, profile photo and email address
- Developers will have to get a signed contract from users in order to access their posts or private data
- Any additional information required by developers will be subject to Facebook and/or user approval
Increased user protection and control:
- Apps that have not been used for 3 months will be deactivated from the user's account
- Users will be notified about any suspicious activity observed relating to apps they use
- The existing app permission tool will be moved from the privacy setting to the News Feed area for ease of access and use
- Users will be shown how to check which apps have access to their data, as well as view the permissions settings of each app
- Users will be shown how to manage apps, including settings such as permission changes and revoking of access
- App management services will be improved for enhanced user experience
As the saga continues to unfold…
Investigations by various entities including the US Congress and the European Parliament are underway. Cambridge Analytica deny all allegations of wrong-doing, saying they are willing to undergo a forensic audit. Nonetheless, CEO Alexander Nix has been suspended pending the outcomes of the probes. And the man at the heart of the scandal, Aleksandr Kogan, says Facebook is to blame.
Despite Zuckerberg vowing to take corrective action aimed at preventing such data loss in the future, he did not escape unscathed. The Facebook founder may have to provide the US Congress with testimony relating to the security of user data on the platform.
Regardless of what the ultimate findings of the investigations will be, the sheer magnitude of this scandal is expected to impact policies governing user data security on a global level. And due to the uncertainty of the current situation, the resulting effect on businesses is, at present, a matter of speculation.