Facebook is in hot water after acknowledging that a consulting group – that has worked on several high profile political campaigns, including that of President Donald Trump’s – used the social media company’s platform to harvest the data of 50 million users.
The company last week said that in 2015, an app developer violated the company’s platform policies by collecting data via an app under the pretense of using it for psychological research – and instead passing users’ personal information to Cambridge Analytica and its parent company SCL.
Facebook maintains that the incident wasn’t a data breach – but since then, critics have come forward questioning how Facebook enforces privacy policies to protect user data, particularly with third-party app developers.
Cambridge Analytica is a U.K.-based company that helps political parties target voters with specific messages, based on information gleaned from data mining and analysis. The consulting company has been linked with Donald Trump’s presidential campaign and the Leave.EU campaign as part of the U.K.’s withdrawal from the European Union.
The app developer, Aleksandr Kogan, requested and gained access to information from users who downloaded his app, “thisisyourdigitallife” on Facebook, which billed itself as “a research app used by psychologists.”
Up to 270,000 Facebook users downloaded the app – giving Kogan consent to access data, such as the city they live in or content they “Liked” on Facebook. However, in 2015, Facebook also enabled developers to collect data on the Facebook Friend networks for users – meaning that when users agreed to show their data to Kogan, he could also access data about their Friends. This means that overall, Kogan was able to access the data from up to 50 million Facebook users.
Facebook said it removed the app from the platform in 2015, but a bombshell article in The Guardian over the weekend put former Cambridge Analytica employee Christopher Wylie in the spotlight, who said that Facebook was aware of Kogan’s app pulling an enormous amount of data – but had been told that it was for research purposes, instead of being fed to Cambridge Analytica.
“Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules,” said Paul Grewal, VP and deputy general counsel at Facebook in a statement.
“We are moving aggressively to determine the accuracy of these claims. If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information,” said Grewal.
Despite these steps, critics have come forward, angry that app developers can jump through loopholes and collect data, similar to Kogan, all while being perfectly within Facebook’s rules and guidelines. On top of these concerns, the company did not inform users whose data had been harvested.
Facebook has come under scrutiny from political actors about how it handles data privacy and the implications for end users of the popular social media platform.
U.S. Senator Mark R. Warner, who serves as vice chairman of the Senate Select Committee on Intelligence, said that authorities need to bring transparency and accountability when it comes to online political advertisements and data:”Whether it’s allowing Russians to purchase political ads, or extensive micro-targeting based on ill-gotten user data, it’s clear that, left unregulated, this market will continue to be prone to deception and lacking in transparency,” he said in a statement.
Meanwhile, Massachusetts Attorney General Maura Healey on Saturday announced she was launching a state investigation into the matter.
#BREAKING: Massachusetts residents deserve answers immediately from Facebook and Cambridge Analytica. We are launching an investigation. https://t.co/wjqmHa6zjm
— Maura Healey (@MassAGO) March 17, 2018
Others, like Connecticut senator Richard Blumenthal, called for public open hearings for Facebook, saying that the company’s failure to secure privacy of data “seems a breach of trust and even law.”
Facebook’s failure to secure privacy of private data – that it released – seems a breach of trust and even law. Judiciary Committee should hold open hearings, with Facebook, Cambridge Analytica, and others, under oath and in public.
— Richard Blumenthal (@SenBlumenthal) March 19, 2018
Top Facebook executives also took to Twitter to fire back, arguing that privacy violations did not exist as no passwords were stolen or hacked. Andrew Bosworth, VP of AR and VR at Facebook, was one such executive, who tweeted that “this was unequivocally not a data breach.”
This was unequivocally not a data breach. People chose to share their data with third party apps and if those third party apps did not follow the data agreements with us/users it is a violation. no systems were infiltrated, no passwords or information were stolen or hacked.
— Boz (@boztank) March 17, 2018
Cambridge Analytica has responded to Facebook’s post, blaming Kogan for violating the social media’s rules and saying it deleted the data when it learned of the issue two years ago: “Cambridge Analytica fully complies with Facebook’s terms of service and is currently in touch with Facebook following its recent statement that it had suspended the company from its platform, in order to resolve this matter as quickly as possible,” it said in a statement.
Wylie, for his part, on Sunday said that he was suspended from Facebook for acting as a whistleblower “on something they [Facebook] have known privately for 2 years.”
Suspended by @facebook. For blowing the whistle. On something they have known privately for 2 years. pic.twitter.com/iSu6VwqUdG
— Christopher Wylie (@chrisinsilico) March 18, 2018
Moving forward, Facebook said in a statement that it would continue to work to ensure compliance with its privacy policies, including random audits of existing apps and proactive monitoring of fast growing apps.
“We enforce our policies in a variety of ways — from working with developers to fix the problem, to suspending developers from our platform, to pursuing litigation,” said the company. Bosworth stressed that “we [Facebook] must do better and will.”
We do. Our business depends on it at every level. These policies changed in 2014 but clearly that was not soon enough or rigorously enforced enough. We must do better and will. https://t.co/Mckdqz7Rq5
— Boz (@boztank) March 17, 2018
Source: ThreatPost