Cambridge Analytica. A name that emerged from virtual anonymity and became a trojan horse for Facebook. At least for now.
A small digital company specialized in profiling potential voters for candidates managed to be the epicenter of the biggest scandal in Facebook’s recent history. CA harvested data from the private Facebook profiles of around 50 million users without their consent, making it one of the biggest data breaches in the social network’s history.
Empowered by the data they’ve collected, Cambridge Analytica was able to exploit the private social media activity of millions of people, data that could be used in any way you can imagine, including influencing the elections.
How did they do it?
Cambridge Analytica says it “combines data mining, data brokerage, and data analysis with strategic communication for the electoral process”. The firm was created in 2013 as an offshoot of its British parent company SCL Group to participate in American politics. In 2014, CA was involved in 44 US political races.
The first time CA gained some public notoriety in the US was during Ted Cruz’s presidential campaign, in 2015. However, one year later, after Ted Cruz’s campaign faltered, CA worked for Donald Trump and on the Leave.EU campaign for the United Kingdom’s withdrawal from the European Union (Brexit). As history shows, both campaigns were highly successful.
Cambridge Analytica’s role in both campaigns was highly controversial and it’s currently the subject of an ongoing criminal investigation in the US and the UK.
The illegally obtained data was harvested by a Aleksandr Kogan, a psychology academic, who designed a personality testing app “thisisyourdigitallife” (marketed as a personality test used by psychologists). The user data he collected was later on passed onto Cambridge Analytica.
270,000 people downloaded the app and gave access not only to their data, but some of their friends’—depending on their settings, which allowed the “data crawlers” to spread like wildfire across the vast friends networks of Facebook users. The problem is they didn’t agree on sharing the data with any other companies, something which comes in direct violation of Facebook’s platform policies.
Based on that illegally obtained data, CA would build models to exploit what they already know about the users and to target everyone specifically, according to a report by The Observer.
Facebook’s reaction to the breach & the investors lawsuit
However, the main problem for Facebook is that in the aftermath of finding the breach, they’ve deleted the app, requested a certification from all involved that the obtained data has been destroyed, but never followed up on it, Quartz reports.
Facebook’s way of handing the problem angered the investors, who now issued a lawsuit, blaming the social network’s failure to safeguard their privacy. The suit would represent people who bought shares of Facebook from Feb. 3, 2017, when Facebook filed its annual report and cited security breaches and improper access to user data, through March 19, according to Bloomberg.
Investors were also angered by the fact that Facebook denied all allegations, and when they’ve heard that The Guardian and The New York Times will report the breach, which was kept hidden for three years, it immediately issued a statement saying that they are suspending Cambridge Analytica and SCL Group from Facebook, trying to get ahead of the news. Facebook also suspended Christopher Wylie’s account (the whistleblower).
“The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked”.
Moreover, investors claim that instead of naming the source of the investigation and answering specifically and truthfully to the claims, Facebook chose to mention something vague, to “prep” the audience for the storm that was to follow.
“Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims. If true, this is another unacceptable violation of trust and the commitments they made.”
Facebook shares plummeted after the news broke, dropping 6.7% on Monday and more than 5% on Tuesday, wiping around 50 billion dollars of its market value.
What’s to be learned?
As analysts, we have a duty to both safeguard the data we collect, and to use it properly, legally, for the reasons that the users trusted us with.
It is easy to get hyped when you’re facing endless rows of data, some more precious than gold, but, to quote a Marvel classic, always remember: with great power, comes great responsibility.
Data is currently the world’s most precious commodity, and companies and individuals across the globe are trying hard to find ways to both harvest more of it and to protect it.
Europe’s reaction to the growing data-security crisis is a new Data Protection law – GDPR (General Data Protection Regulation), which will force any company handing data to walk the extra mile to safeguard their client’s data.
GDPR will reshape the way organizations across the region approach data privacy and the harsh punishments for companies which fail to comply (up to 4% of the firm’s worldwide turnover) will be a reminder for anyone trying to meddle with data.
But regulators will not be able to verify how every company is handling data, and news agencies won’t always break the story.
Safeguarding a user’s privacy should also be a main concern and the mission of any business allowing third party-firms to operate on their sites.
It falls to us, the analytics community, to educate, to protect and to ensure that user data and their privacy is safeguarded.
The damages Facebook sustained in one week might be permanent. On top of losing 50 billion dollars in market value, one of the best trending articles at the moment is a tutorial on “How to delete Facebook”.
UPDATE: Mark Zuckerberg posted on Facebook after the Cambridge Analytica scandal
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”
UPDATE 2: The latest Cambridge Analytica development: The Facebook pages of Elon Musk’s SpaceX and Tesla disappeared on Friday, minutes after Elon Musk promised on Twitter to take down the pages.