06/04/2018

Comment: Why "Facebookgate" is more problematic than many assume

Comment: Why "Facebookgate" is more problematic than many assume Data protection and compliance

Time and time again, my Twitter feed as well as my Facebook feed were awash with the hashtag „#deletefacebook“. To be honest, though, I do not quite get why people are so upset. Of course, what happened is certainly unacceptable and worthy of condemning – there can be no doubt about that. When a company such as Cambridge Analytica reuses data that was gathered “for research purposes” for shady activities such as influencing elections in the USA, then this is definitely a problem. You could also enter passionate arguments about how great the influence of this data actually is when it comes to making an impact on an election or a Brexit referendum. I mean – it’s not like someone sitting in an office block somewhere presses a “Vote Trump” or “Vote Leave” button, and suddenly individual voters (or groups of voters) make an instant political 180 degree turn. Voters on the whole are – I think – mature enough not to let themselves be press-ganged into supporting something that completely goes against their set of political ideals.

There is, however, one big elephant in the room: users of social networks should be aware of the fact that their data is shared with others – even though it might not be obvious right out of the gate. After all, there is a reason why privacy advocates remind people not share their personal data too willingly and why they scold companies such as Facebook for their privacy conduct on a regular basis.  This is also the reason the age-old proverb „If you don’t pay for it, you are not a customer, you are the product” is circulating more often these days.

Misguided finger-pointing

It may sound like victim blaming, but it is not that simple. People entrust sometimes deeply personal information to their social network. It seems, though, that unlike Cambridge Analytica, Facebook as a company has yet to understand how much power and therefore what responsibility it has towards its users. I will spare you the obligatory „Spiderman“ quote here.

The fact that social networks play an ever larger role in shaping people’s opinions raises some important questions. Terms like “filter bubble” and “echo chamber” become important factors in everyday political life. The increasing prevalence of Fake News and their use for influencing politics is giving politicians as well as sociologists a lot to think about.

Communication issues

Contrary to some reports, there was no such thing as a „Facebook hack“ or a „data leak“, since CA did neither break into any of Facebook’s systems nor were any security measures circumvented. In fact, things are worse: the data was collected for purposes that were explicitly permitted by Facebook. As far as Facebook is concerned, you could even go as far as saying that everything was working as intended. This might take place in the shape of a quiz, a game or a survey. In the process, some data was harvested which should have been left alone: the data of friends of those who took a survey or played a game as well as those who share data with the app “thisismydigitallife”. The latter creates personality profiles. The collected data, however, was not deleted after use, but sold on and repurposed instead. According to Facebook, this constitutes a violation of the guidelines for app developers. A request from Facebook to delete the data went unanswered for weeks. What exactly happened with the data is not known, but if the statements and adverts from CA is to be believed, this cannot be good.

A great number of users were quite unhappy with the way this case was handled by Facebook. Several days passed without any word from its CEO Mark Zuckerberg. This delay might well have contributed to the mood turning more sour and people starting to campaign for a boycott of the platform. Some commenters expressed concern that Facebook would try to “smile away” the issue, downplay it or just sit it out.  

This policy did very little indeed to win over those whose trust in the platform was already shaken. When Zuckerberg finally made a statement, he expressed sympathy for those who were upset and underlined that what happened was a major breach of trust for all involved. He promised Facebook would do better and announced a set of measures, which are to be implemented shortly. Among those measures is that app developers‘ access to certain data should be limited to a time frame. Permissions to access any information that was not accessed for longer than three months would be revoked automatically. Furthermore, the type of data available to app developers will be more tightly restricted. Any cooperation with Cambridge Analytica had already been terminated at this point.

Using data sparingly

Still, many users express their intention of turning their back on Facebook, at least if you believe the trends within the days of the news breaking. How many users actually follow through with this remains to be seen. There were similar reactions in the past, whenever Facebook has made changes in their terms of use.
If you do not want to quit Facebook for good or cannot do so for any reason, then this is a good time to review some of your security and privacy settings in your profile. There are several places where you can prevent personal data from being accessed too easily. First and foremost, review the default visibility setting for your post. Depending on your settings, your posts might be visible to a group that is substantially larger than anticipated, potentially including people you do not want to see you posts. When in doubt, it also might be better to ignore any attempts of Facebook to nudge you into “completing your profile”. Past posts can be edited or deleted if need be, as can any “Likes” you have clicked.  

Hindsight is always 20/20

It seems that the Facebook administration is beginning to understand the scale and impact of the event. Zuckerberg himself speaks of a “hole” that the company needs to dig itself out of. The image is fitting, given that within a few days and weeks, the company’s value at the stock market has dropped over 100 billion dollars. He also is self-critical and admits that in the past Facebook did not devote as much thought and attention to potential abuse of data as would have been appropriate. To rectify this will not be a quick undertaking. The Facebook CEO estimates that securing user data properly will likely take several years to complete.

Game about private data

Games that you can find all over Facebook should also be taken with a grain of salt. Oftentimes the makers of games such as „What animal would you be?“ or “Who is your celebrity doppelgänger?“ also access and collect some of your data when you use the „log in with Facebook“ button. This data may include (but is not limited to) your name, public posts, profile pictures, public posts, email address or friend list. Checking the app settings is definitely going to be worth your while in such cases. Another trend that has been around for at least 15 years is to gather data by posting supposedly funny quizzes, which ask for some details that are often used for security questions; those can be used to gain access to an account if you have accidentally locked yourself out or forgot your password. So, be wary whenever the answer includes giving your mother’s maiden name, your first car, your pet’s name, the street you grew up in or other similar things. Even though it may seem blatantly obvious to some: not every bit of information that can be provided should be provided on any social media websites.