Facebook never earned your trust and now we're all paying the price

News reports have been swirling about Facebook (a company you know), Cambridge Analytica (a company you might not have heard of), and the 2016 United States presidential election. It's an important story, but I've observed a critical misunderstanding or miscasting of the discussion in many media outlets, even those that are supposed to be tech-savvy. You've maybe seen this story described as a "breach" or a "leak."

The reality is far more distressing: Facebook basically gave away our profile data. The company has always made all of this data available, it just never expected it to be used like this.

Facebook, Cambridge Analytica, and what happened

Cambridge Analytica is a data mining and analysis firm that specializes in delivering, to quote their mission statement, "Data-Driven Behavioral Change by understanding what motivates the individual and engaging with target audiences in ways that move them to action."

Which is to say, it uses profile data to tailor messaging and advertisements. This isn't a new concept — magazine, TV, and radio ads have long been customized to subscriber demographics. What's new is the breadth, depth, and precision of the targeting. The nature of the internet means that a huge amount of data about you is available for the taking, and you've given it all away.

Cambridge Analytica worked with the 2016 presidential campaign of Donald Trump, using the data of 50 million Facebook users to target advertisements at voters that they believed to be receptive to the campaign's message. It was an effort unprecedented in politics, and how much it affected the vote is unanswerable. But there's little doubt there was an effect. But how did Cambridge Analytica get that much data?

How did the Trump campaign's digital operation get its hands on 50 million user profiles? Facebook basically gave away your info.

According to some excellent reporting by The New York Times, Cambridge Analytica built a personality survey app that required a Facebook log-in. That app was distributed by a compliant Cambridge University professor, who claimed the data would be used for research. This was entirely legal and in accordance with Facebook's policies and the profile settings of its users. That the data was passed from the professor to Cambridge Analytica was a mere violation of Facebook's developer agreement.

Around 270,000 Facebook users reportedly downloaded the survey app. So how did Cambridge Analytica harvest the data of some 50 million users? Because they were Facebook friends of people who downloaded the app.

How this happened

Facebook's policies and default privacy settings allow apps to collect massive amounts of profile data. That information is supposed to be used to provide you with a customized product; in reality, it's usually tailored advertisements. The most painful part is that we users opened the door to these apps — the user has to download the app and grant it permission to access their Facebook profile. It tells you right up front what data it wants access to.

Taking the survey required allowing access to your Facebook profile. Thanks to Facebook's default privacy settings (which only a small portion of users have changed) the survey app also pulled in the profile data of millions of Facebook friends. All of this data was forwarded to Cambridge Analytica, which rolled it up with data from other sources to build psychological profiles of potential voters.

Facebook is a business, but that business is not being a social network — the business is advertising.

Facebook says it cares about your privacy, but that's lip service. The company wants you to be just comfortable enough that you keep sharing. Facebook is a business, but that business is not being a social network — the business is advertising. The free social network that most Facebook users use is a conduit for collecting data and distributing ads. Facebook was designed to get you to hand over as much information and spend as much time on it as possible, all in order to deliver more and better-targeted ads.

How we got here

Years ago we, as a collective of internet users, made a grand bargain. Given the choice between paying for a subscription service or getting a service for free and dealing with ads, we chose free with ads. Except we paid with our data and we had no concept of its value. Facebook, Google, and others are all designed to gather more and more data, and they've become more and more effective at synthesizing that data and precisely targeting users. Google's free product is an incredible search engine, but the company logs all of those searches to build a profile of you and sell ads against that profile.

This is true of most companies built on a free service, including Facebook, Google, Twitter, Spotify, even free tax preparation services. The real customer is whoever is buying your data or buying advertising slots based on your data.

If you're not paying for the product, then you are the real product.

That's just how the modern web works. What we've failed to grasp are the scope of all that data and its potential. But the people collecting it certainly did. They were playing a long game and they made it fun for users. We were happy to fill out our profiles, delighted to post about our interests, comfortable handing over our files, and just fine with logging our searches.

You know the phrase "knowledge is power"? In the twenty-first century, data is power, and whoever controls it writes the rules.

Consequences and the presidential election

None of this excuses Facebook or Cambridge Analytica. That your data was readily available for exporting and exploiting — via your friends — should both appall and infuriate you. But this was not a breach or a leak; it was an exploitation of Facebook's own tools and rules.

Facebook and Cambridge Analytica will be hauled in front of Congressional committees for testimony. But what happened was not against any laws, and it's not clear if there will be any consequences beyond revoking Cambridge Analytica's access to new Facebook user data. (Facebook requested the data be deleted, but it has no way to enforce that request.)

No laws were broken; it's not clear if there will be consequences. But it was grossly negligent.

Your seemingly innocent and private profiles, musings, likes, and shares were all mined and assembled into a profile of how best to exploit your beliefs, fears, and hopes during the last election. It's disconcerting when this information is used for advertising; it's terrifying when that same data is used to sway the electorate.

Trump did not run a sophisticated traditional campaign. His traditional "ground game" was incredibly lacking, but he made up for it with loud media savvy (either by accident or by design) and a quiet and unprecedented online campaign that understood the power of your data better than any in the past. And now Donald Trump is President of the United States.

Data. Is. Power.

So what now?

This was the natural next evolution of the web we implicitly agreed to without understanding the trade-offs. Users and companies have reaped rewards from this data, but this level of abuse was only a matter of time.

Our society is built on trust, and when that trust fails we make laws. We trusted Facebook and the company gave away our data with an unenforceable developer agreement as the only safeguard. Facebook isn't alone — every company wants your data, and you should be reticent to trust any of them. It doesn't matter what company we're talking about — Google, Uber, Apple, Amazon, Microsoft, Tesla, Spotify, et al — they all want your data. Some are more judicious in how they handle it, but even if they're not selling your data they will use it to sell to you.

I won't tell you to delete your Facebook account, but I also won't stop you. Nobody has to have a Facebook account. If you want to keep using Facebook, review your privacy settings, your profile information, which apps you've authorized, and even what you're posting and liking.

Don't trust Facebook or any other company with data you wouldn't give to a complete stranger. Don't log in to apps or services with your Facebook profile — and if they offer no alternative, use something else. Don't take random Facebook quizzes. Think twice before posting any personal information online. We all need to be cognizant of the data we're giving out.

That's the short game. In the longer term, we need systems in place to protect everyone. Silicon Valley is not going to fix this problem; its leaders are too naive about the nature of the humans to realize it even is a problem. We have laws and regulations governing airplanes, pharmaceuticals, construction, shipping, and everything else under the sun. I'm not normally one to advocate for more regulation, but it's clear that today's laws were not written for the modern internet.

Silicon Valley is too naive to even realize this is a problem, let alone fix it on their own.

Digital companies will claim that current laws and regulations are enough and that new ones will limit innovation. New regulation will indeed increase costs, but as long as there is money to be made investments will not stop. Regulation didn't stop innovation in the automotive or aerospace industries, and it certainly won't bring tech innovation to a halt. Some coalition of tech companies will issue an "Internet Bill of Rights" or such and say its principles will be sufficient to protect users. We've seen such pledges before But anything short of federal law will be insufficient. The tech sector accounts for nearly one-tenth of the U.S. economy and is growing rapidly; it's in everybody's best interest for it to be sensibly regulated.

It's well past time that we demand tech companies act responsibly with our data. The internet of today and the hyper-customized AI services of tomorrow only work if we can trust them to respect and safeguard our data. We users need to get a better handle on what we're putting out there for free, what's being done with our data, and what we expect from the Facebooks, Googles, Amazons, and Apples of the world.

Either through negligence or malevolence, our implicit trust in these companies was misplaced. We need trust for all of this to work, and the only way for that trust to be restored is through concrete action and enforceable regulations.

Derek Kessler is Special Projects Manager for Mobile Nations. He's been writing about tech since 2009, has far more phones than is considered humane, still carries a torch for Palm (the old one), and got a Tesla because it was the biggest gadget he could find. You can follow him on Twitter at @derekakessler.

136 Comments
  • Thanks AC for this. I am a casual user who will post photos occasionally for family members. Perhaps I'll post a status update once a month, and make a comment or two. I am by no means a power user, my profile is private and I don't allow others to tag me without approval. Profile privacy settings aren't default, but slightly elevated. I'm tired of trying to keep up with what FB is changing in terms of features and privacy. At this point, I have no problem with letting it go completely.
  • I understand! It really became difficult to keep up with FB's ever changing policies which evolved so much to enclose what we were able to see, share and be tagged into. I used to really enjoy sharing and watching different media until it became a very singular ecosystem.
  • You are me to a Tee
  • No mentions anywhere that Obama Team used Facebook data in THE EXACT SAME WAY in 2012. Standard Leftie partisan reporting here. Zuckerberg didnt care in 2012 cuz as he said "they're on our side". This whole lopsided reporting on everything Trump is nauseating. Keep it up Liberals, it's why he won in 2016.
  • Thank you for posting this! Here are just 3 of the articles by The Guardian, written in 2012 describing how the Obama campaign did the same thing. Yet, when he did it was proclaimed genius. 1) https://www.theguardian.com/world/2012/feb/17/obama-campaign-digital-team
    2) https://www.theguardian.com/world/2012/may/14/obama-digital-campaigning-...
    3) https://www.theguardian.com/technology/2012/nov/11/obama-data-voter-stat... It's only bad if conservatives do it.
  • None of those articles describe Obama doing the exact same thing, largely because you chose articles lacking in details.
    And the point isn't a partisan one, people are becoming a lot more privacy conscious today compared to 2012, for large variety of reasons including tech fatigue, certain modern political upsets and the large number of privacy and security breaches that have affected nearly every single American.
  • How about this one: https://www.theguardian.com/world/2012/feb/17/obama-digital-data-machine...
  • https://www.cnn.com/2012/11/07/tech/web/obama-campaign-tech-team/index.html
    https://www.investors.com/politics/editorials/facebook-data-scandal-trum...
    https://www.digitaltrends.com/social-media/facebook-gets-central-role-in...
  • Or maybe that's just the most recent example that's also directly related to the "guilty" company in question here. Not everything has to become politicized. Both sides are guilty of doing just that, though...
  • Facebook's lawyers will argue that it is not a leak or breach of trust when users willfully posted and share the personal information. These data mining companies simply take advantage of entry points and loopholes holes to everything and everyone connected to it. After this these companies hand over to marketing companies that are then used by unscrupulous politicians to target their swill to the gullible masses in order to manipulate elections and divide people. But what do I know. I don't use face book anymore. Was sick of reposted obvious propaganda and twisted "news" stories.
  • /takes off tinfoil hat and uninstalls 20 games and apps from Android that maybe no worse or better.
  • Folks, it's not the leak of your data that's the problem here. If you posted it publicly, you've made it available. But there is a big problem. And that's the way they allow advertisers to target you with propaganda posing as phony news stories. Even Cambridge Analytica admits on video that the personal data would be useless if the propaganda they disseminated using it were clearly labeled as political advertising. The bonanza for Cambridge (and Facebook - who makes money off those phony stories, and the extra time people spend online responding to them - and to the trolls that also respond to them) is wholly dependent on this native advertising model. Facebook makes no distinction between The New York Times and Joe Schmo Romanian Fake News outlet. That would be illegal on TV, and possibly in other media as well when it comes to political advertising. Facebook isn't special. Just because they want to run a 'media' company without any employees generating or vetting content doesn't mean we have to let them. Try this on for size Mark: "I'm Vladimir Putin, and I approve this message". Problem solved. And ferchrissake, make the bots solve a Captcha before posting on a public item that was not originally posted by one of their friends and limited to consumption by their friends. Is that so hard?
  • Exactly
  • I would say in this case, that it isn't about the people who knowingly took the survey, but their "friends" who didn't consent to anything and had their data being collected.
  • My FB page has been deactivated for six years. I'm not on Snapchat, Instagram, Twitter. Been on the web since the old bulletin board days in 1988, domain since 1994. I think Google, et al has enough info on me already.
  • Same here. Disabled all FB 6 years ago, not on IG etc...
  • I was never on FB or any other social media. All I do is comment on articles and am a member of some forums (Android, classic car). While I'm not as data private as I could be, I'm more private than the majority of people.
  • I've personally never used Facebook, twitter, et al. Just never saw the point, it all seemed pretty shady to me in the 1st place.
    I get why people use it, and I'm sure it's not all bad. But this kind of thing was inevitable eventually. I'm just surprised it's taken this long.
  • This isn't the first time Facebook has deceived its users and likely won't be the last. I deleted my Facebook account back in early '14 and haven't looked back.
  • Big Brother and the Holding Company.
    Orwell was off by 30 years.
  • If you want a social life your stuck with Facebook. At least that was my experience, everyone forgets you exist and you get invited to nothing. Too many people I know rely on Facebook Events to make plans.
  • I don't have FB and never will. I'll call or text. If people only communicate with FB, they are not communicating.
  • Exactly
  • True dat
  • I'm not all supportive in FB with all this, but that opinion is complete bull crap. "If people only communicate with FB, they are not communicating." You might as well just say the same thing about snail mail, email, other IM services, phone calls.. literally anything other than in person. FB is one form of communication. In function, no better or worse than others.
  • LOL if people who need FB for a social life is pretty pathetic IMO. If you can't communicate with people off of facebook and these are people you "know" than they are clearly not friends.
  • ROF...I don't have FB and never will, I'm doing just fine. I've seen more people waste time and get trapped into it's addicting algorithm, what a waste.
  • It's all well and good for you guys to congratulate yourselves for not using Facebook, but that completely ignores the problem - which is the fact that hundreds of millions of Facebook users are having their voting behavior manipulated through disinformation campaigns riding the irresponsible Facebook advertising and 'sharing' systems. If you care about the integrity of our elections, it won't do to simply not use FB yourselves. Something needs to be done about the way Facebook works. And it will take pressure from their users to make that happen. So, like they say, if you're not part of the solution... And in this case, simply not using FB and assuming that's any kind of an answer solves nothing.
  • Folks are only "having their voting behavior manipulated" if they allow themselves to believe things on Facebook, without vetting the info from a source they trust. If folks are too lazy to vet the info, perhaps what is shown on FB is not really the issue.
    As in all of life, buyer beware.
  • Their voting behavior is being altered by cable news as well. It's just the times. Dumb people are the low hanging fruit for anyone with an agenda.
  • Actually, in capitalism the answer IS not using facebook. If more people are angry about it they will leave facebook. They give you a free product, what do you think you're leverage is? My assumption is that most people simply don't care. They weigh their options of staying connected with friends and family through a free system where they're data is mined and used to sell to them. You call it manipulation, but it's just advertising. And it's not the only source of manipulation. Look at how news outlets (AP, Reuters, ABC, NBC, CBS, CNN, Fox) package their news stories. The stories are crafted in a way that purports a one-sided view: their view. How words are said, how events are presented, what stories are brought to the "front of the hour" or the "front page". We've been manipulated for years. Take this story for instance, pinned at the top of Android Central. It's a clear indication of their politics. Why is an article about facebook front and center on a blog about Android OS? It doesn't make sense. I come here for news about Android. I don't care about facebook, but it hit me in the face every time I came here for the last two days so I had to read it. Like the article said, facebook is free because you sold yourself. If you don't want to be sold, get off facebook. Even if they change their policies, they're not going to change their ways, they're only going to find new (hidden) ways to do the same thing. Bottom line is there is always a bottom line.
  • Do you actually think people made voting decisions based upon an ad? No one in my generation would but maybe the Millennials would
  • No offense but that is sad. My family and friends knows that I barely check my fb so they either call or text me if they need anything. Plans are talked face to face since we all pretty much see each other everyday. I don't really consider someone a friend if the only way they can reach me is through facebook.
  • as a person who plans events, ya i do make some exceptions for some people off facebook, but its just easier to make an event and invite everyone, and thats what its about , ease. it is a pain in the butt to call or text something i wrote out nicely and posted in a common space for people to refer to in case they have questions. if i answer it for one person on a facebook event whoever else in the group sees the answer and doenst ask me again, but now im gonna answer the same questions i just answered . i recently has this issue inviting someone to a charity event all the details were on the page but the person i invited i couldnt just steer them to the page because they didnt have facebook. i like being able to send out the mass message and get as much info back in quick time and take polls and vote. it makes planning and collaborating easier
  • Maybe write the same content but in an email and BCC to the email addresses of the people you want to invite?
  • Group text works well
  • You're a fool.if you thought stuff like this wasn't happening. Advertisers have been doing stuff like this for years. This isn't much different than anything else. People just don't like how it was used. When you can serch for something in chrome or Amazon or any other shopping app and suddenly you see these things or similar in your Facebook feed of course these things are happening.
  • You should probably research Cambridge Analytica before commenting on this article. 🙄
  • Yes, it's creepy as hell that advertisers follow you deep into the bowels of Facebook. But those ads are clearly marked as ads, and are only as manipulative as a clearly marked as can be. I e., not too. That sucks, but it is a whole other thing from disinformation being presented as 'news' stories. That is the death knoll for journalism, and if we don't watch out, democracy.
  • That's because the default ad settings on Facebook ALLOW THAT TO HAPPEN.
  • For good reasons i don't have FB account
  • I have been saying the following for years; "If you don't know what the product is; you are the product." This applies to Facebook and all social media. It applies to Google to a large extent also. I have never done Facebook, Instagram, SnapChat, MySpace, etc.
    Social media is not your friend and you don't "need" a social media account.
    I find it disturbing that some college applications and scholarships require social media accounts. The apps also tend to be battery hogs and collect other data from your phone in the background and gather usage statistics. I'm not saying delete the apps, but I sure don't have them or any other data collection apps on my phone.
  • How is the passionate, flame-fanning, fear-mongering in this article any better than what Facebook perpetrated? Regardless of what people are shown, they have a responsibility to make their own decisions. This whole situation is being blown way out of proportion. There are opt-outs for a reason. Additionally, if a person's 'news' is coming from a Facebook algorithm, they've got bigger problems.
  • Exactly. Facebook Privacy settings are pretty straightforward. It's up to you to set your privacy preference. It's also up to you to think for yourself when it comes to the things that show up in your profile and how you interact with them.
  • How is it different? Really? How about because, unlike the crap on Facebook, this 'alarmist' story happens to be true.
  • I'm not on FB so maybe I'm not understanding this correctly, but isn't the real issue not about the people who took these surveys, but their friends who didn't have anything to do with it, didn't consent to it, and their data is fair game because their friend too a survey?
  • Exactly. I could have my information swept up because of something a friend does. I've since changed my settings, but most people don't.
  • As I've read further, I understand that people could've changed their privacy settings to counter this, but my question is this. If FB truly has their customers' best interests in mind, why aren't the default settings setup to stop this? It's the same as those programs Verizon used to introduce that weren't in their customers best interests, but to stay out of it you had to opt out. Since most people don't read tech blogs, most would never know about it and would therefore be part of those programs without their knowledge or consent.
  • Because Facebook is a for profit company that intends to make as much money as possible. They will only do what's in the best interest of the users when it could result in bad PR, lose them money, or lose them users/screen time with users (which is really just losing more money).
  • I don't have FB either, but the real story is this happened in 2012 with Obama and he was hailed as a genius for using data from social media. Now that the opposition had outsmarted them its a story. Nice article but a little late!
  • Yeah...and the use of it in 2016 was phased out before the election. The media was grasping for a Trump story.
    https://www.cbsnews.com/news/trump-campaign-phased-out-use-of-cambridge-...
  • And it was fine before. One reason to lie on social media. Facebook likely thinks that I'm fearful of DHMO also. http://thehill.com/opinion/technology/379245-whats-genius-for-obama-is-s...
  • There is no story there. 🙄
  • It shouldn't be allowed at all however there are differences. The researcher in this case was clearly not allowed to use this data for commercial purposes. They sold it to a political campaign.
  • I suppose Hillary's campaign never got any. Of course we would never know since they tend to trash servers
  • Anyone else not surprised that Cambridge Analytica gets funded, in part, by Russia and the company helped Trump win the election? The evidence keeps piling up. It’d be great to see all the evidence Mueller has against Trump.
  • Does anybody still believe in the Russian Collusion? There is no evidence against Trump. Let's move on.
  • Tell that to Muller please.
  • apparently mueller isn't all so interested in russian collusion anymore either, he has moved onto obstruction of justice
  • He was always interested in that, but obstruction is WAY EASIER to prove. Tell the people that plead guilty and those indicted the there's nothing there.