Facebook never earned your trust and now we're all paying the price

News reports have been swirling about Facebook (a company you know), Cambridge Analytica (a company you might not have heard of), and the 2016 United States presidential election. It's an important story, but I've observed a critical misunderstanding or miscasting of the discussion in many media outlets, even those that are supposed to be tech-savvy. You've maybe seen this story described as a "breach" or a "leak."

The reality is far more distressing: Facebook basically gave away our profile data. The company has always made all of this data available, it just never expected it to be used like this.

Facebook, Cambridge Analytica, and what happened

Cambridge Analytica is a data mining and analysis firm that specializes in delivering, to quote their mission statement, "Data-Driven Behavioral Change by understanding what motivates the individual and engaging with target audiences in ways that move them to action."

Which is to say, it uses profile data to tailor messaging and advertisements. This isn't a new concept — magazine, TV, and radio ads have long been customized to subscriber demographics. What's new is the breadth, depth, and precision of the targeting. The nature of the internet means that a huge amount of data about you is available for the taking, and you've given it all away.

Cambridge Analytica worked with the 2016 presidential campaign of Donald Trump, using the data of 50 million Facebook users to target advertisements at voters that they believed to be receptive to the campaign's message. It was an effort unprecedented in politics, and how much it affected the vote is unanswerable. But there's little doubt there was an effect. But how did Cambridge Analytica get that much data?

How did the Trump campaign's digital operation get its hands on 50 million user profiles? Facebook basically gave away your info.

According to some excellent reporting by The New York Times, Cambridge Analytica built a personality survey app that required a Facebook log-in. That app was distributed by a compliant Cambridge University professor, who claimed the data would be used for research. This was entirely legal and in accordance with Facebook's policies and the profile settings of its users. That the data was passed from the professor to Cambridge Analytica was a mere violation of Facebook's developer agreement.

Around 270,000 Facebook users reportedly downloaded the survey app. So how did Cambridge Analytica harvest the data of some 50 million users? Because they were Facebook friends of people who downloaded the app.

How this happened

Facebook's policies and default privacy settings allow apps to collect massive amounts of profile data. That information is supposed to be used to provide you with a customized product; in reality, it's usually tailored advertisements. The most painful part is that we users opened the door to these apps — the user has to download the app and grant it permission to access their Facebook profile. It tells you right up front what data it wants access to.

Taking the survey required allowing access to your Facebook profile. Thanks to Facebook's default privacy settings (which only a small portion of users have changed) the survey app also pulled in the profile data of millions of Facebook friends. All of this data was forwarded to Cambridge Analytica, which rolled it up with data from other sources to build psychological profiles of potential voters.

Facebook is a business, but that business is not being a social network — the business is advertising.

Facebook says it cares about your privacy, but that's lip service. The company wants you to be just comfortable enough that you keep sharing. Facebook is a business, but that business is not being a social network — the business is advertising. The free social network that most Facebook users use is a conduit for collecting data and distributing ads. Facebook was designed to get you to hand over as much information and spend as much time on it as possible, all in order to deliver more and better-targeted ads.

How we got here

Years ago we, as a collective of internet users, made a grand bargain. Given the choice between paying for a subscription service or getting a service for free and dealing with ads, we chose free with ads. Except we paid with our data and we had no concept of its value. Facebook, Google, and others are all designed to gather more and more data, and they've become more and more effective at synthesizing that data and precisely targeting users. Google's free product is an incredible search engine, but the company logs all of those searches to build a profile of you and sell ads against that profile.

This is true of most companies built on a free service, including Facebook, Google, Twitter, Spotify, even free tax preparation services. The real customer is whoever is buying your data or buying advertising slots based on your data.

If you're not paying for the product, then you are the real product.

That's just how the modern web works. What we've failed to grasp are the scope of all that data and its potential. But the people collecting it certainly did. They were playing a long game and they made it fun for users. We were happy to fill out our profiles, delighted to post about our interests, comfortable handing over our files, and just fine with logging our searches.

You know the phrase "knowledge is power"? In the twenty-first century, data is power, and whoever controls it writes the rules.

Consequences and the presidential election

None of this excuses Facebook or Cambridge Analytica. That your data was readily available for exporting and exploiting — via your friends — should both appall and infuriate you. But this was not a breach or a leak; it was an exploitation of Facebook's own tools and rules.

Facebook and Cambridge Analytica will be hauled in front of Congressional committees for testimony. But what happened was not against any laws, and it's not clear if there will be any consequences beyond revoking Cambridge Analytica's access to new Facebook user data. (Facebook requested the data be deleted, but it has no way to enforce that request.)

No laws were broken; it's not clear if there will be consequences. But it was grossly negligent.

Your seemingly innocent and private profiles, musings, likes, and shares were all mined and assembled into a profile of how best to exploit your beliefs, fears, and hopes during the last election. It's disconcerting when this information is used for advertising; it's terrifying when that same data is used to sway the electorate.

Trump did not run a sophisticated traditional campaign. His traditional "ground game" was incredibly lacking, but he made up for it with loud media savvy (either by accident or by design) and a quiet and unprecedented online campaign that understood the power of your data better than any in the past. And now Donald Trump is President of the United States.

Data. Is. Power.

So what now?

This was the natural next evolution of the web we implicitly agreed to without understanding the trade-offs. Users and companies have reaped rewards from this data, but this level of abuse was only a matter of time.

Our society is built on trust, and when that trust fails we make laws. We trusted Facebook and the company gave away our data with an unenforceable developer agreement as the only safeguard. Facebook isn't alone — every company wants your data, and you should be reticent to trust any of them. It doesn't matter what company we're talking about — Google, Uber, Apple, Amazon, Microsoft, Tesla, Spotify, et al — they all want your data. Some are more judicious in how they handle it, but even if they're not selling your data they will use it to sell to you.

I won't tell you to delete your Facebook account, but I also won't stop you. Nobody has to have a Facebook account. If you want to keep using Facebook, review your privacy settings, your profile information, which apps you've authorized, and even what you're posting and liking.

Don't trust Facebook or any other company with data you wouldn't give to a complete stranger. Don't log in to apps or services with your Facebook profile — and if they offer no alternative, use something else. Don't take random Facebook quizzes. Think twice before posting any personal information online. We all need to be cognizant of the data we're giving out.

That's the short game. In the longer term, we need systems in place to protect everyone. Silicon Valley is not going to fix this problem; its leaders are too naive about the nature of the humans to realize it even is a problem. We have laws and regulations governing airplanes, pharmaceuticals, construction, shipping, and everything else under the sun. I'm not normally one to advocate for more regulation, but it's clear that today's laws were not written for the modern internet.

Silicon Valley is too naive to even realize this is a problem, let alone fix it on their own.

Digital companies will claim that current laws and regulations are enough and that new ones will limit innovation. New regulation will indeed increase costs, but as long as there is money to be made investments will not stop. Regulation didn't stop innovation in the automotive or aerospace industries, and it certainly won't bring tech innovation to a halt. Some coalition of tech companies will issue an "Internet Bill of Rights" or such and say its principles will be sufficient to protect users. We've seen such pledges before But anything short of federal law will be insufficient. The tech sector accounts for nearly one-tenth of the U.S. economy and is growing rapidly; it's in everybody's best interest for it to be sensibly regulated.

It's well past time that we demand tech companies act responsibly with our data. The internet of today and the hyper-customized AI services of tomorrow only work if we can trust them to respect and safeguard our data. We users need to get a better handle on what we're putting out there for free, what's being done with our data, and what we expect from the Facebooks, Googles, Amazons, and Apples of the world.

Either through negligence or malevolence, our implicit trust in these companies was misplaced. We need trust for all of this to work, and the only way for that trust to be restored is through concrete action and enforceable regulations.

Derek Kessler is Special Projects Manager for Mobile Nations. He's been writing about tech since 2009, has far more phones than is considered humane, still carries a torch for Palm, and got a Tesla because it was the biggest gadget he could find. You can follow him on Twitter at @derekakessler.

23 Comments
  • Value is subjective. Not everyone cares about this and these sensational stories really only appeal to a minority demographic. Most people either don't care, or enjoy tailored ads. (If you're going to be forced to see ads you might as well see ads that interest you) Facebook's data use and collection activities are common knowledge and easily found by reading through their terms of service. This isn't news. The issue here is the way Cambridge went about using that data. Facebook found out, they took actions against it. It was a clear violation of their terms of service and they handled it accordingly. The majority of users will not be deleting their Facebook. They won't be ending their use of Google. Most people either don't care about how their data is monetized or simply aren't concerned enough to research it as it's not adversely affecting their day to day lives. I don't use Facebook because I'm not a fan of the service and how intrusive it is. But I'm in the minority here. They have over 1 billion active users. Most people are just fine with the tradeoffs.
  • The problem is not that "most people are just fine with the tradeoffs." It's that they have no clue what the tradeoffs are because there's (understandably) been no effort on the part of those collecting the data to be upfront about it.
  • As an I.T. Consultant, I've had numerous people contact me over the years because they are concerned about their online privacy - my advice, to them, has always been the following: 1. Don't put any information on a public website that would cause you a problem if that website was ever breached.
    2. Don't assume that Social Media is hackproof.
    3. Don't put critically important information online.
    4. If you didn't initiate the phone call, never give out personal information over the phone.
    5. Any website can be hacked given enough time and resources.
    6. Practice "Common Sense" when it comes to your online presence.
  • These are all good point but, is sucks when places like Equifax has a data breach or your university.
  • You are correct. I have been going through my Facebook settings this morning after reading your article and several others. The maze of settings you have to go through is absolutely mind-boggling. I enjoy seeing what my friends and family are doing and up to, but this is ridiculous and has me just about to push the Delete button.
  • While I have no problem with Trump winning the election, I don't care for a lot of what Facebook does. I keep it so I can keep up with my grandkids. Using my data for advertising is fine with me. With or without data, you'll get ads. Without your data, the ads just won't be tailored to your interest.
  • "Facebook never earned your trust and now we're all paying the price". No, WE all are NOT paying the price. I have never been on Facebook, twitter, MySpace, or whatever other flavor of the month "social networking" scam sites exist. I have never even used my real name or address on web sites (such as this one) when creating an account to comment. "Trump did not run a sophisticated traditional campaign. His traditional "ground game" was incredibly lacking, but he made up for it with loud media savvy (either by accident or by design) and a quiet and unprecedented online campaign that understood the power of your data better than any in the past. And now Donald Trump is President of the United States." Clinton's "ground game" was even worse. She spent SO much time partying with wealthy elites and Hollywood freaks, that she completely ignored key battleground states (Michigan, Pennsylvania, Ohio). Selling access to herself thru "The Clinton Foundation" was not a good idea either. Funny how that slush/bribery fund closed down 3 months after the election. "It's terrifying when that same data is used to sway the electorate". No, it isn't. If you seriously believe that the 2016 election was won/lost by Facebook ads and a dozen "Russian online trolls", then you simply do not understand what happened. Clinton was/is a horrible candidate, with no message at all, other than "vote for me because I am a woman". Her husband was impeached for perjury AND is a serial sexual predator. Why would anyone want these people in power again? I have a feeling that many people wouldn't be nearly so upset had the Democratic candidate won the election, even if the Democrats had used the same tactics (they probably did anyway). But the election is LONG over, and Trump won. Time to move on.
  • Obama used the very same tactics as President Donald Trump did, Main Stream Media just won't talk about it. HRC also used it & also spent over 1 billion bucks & still lost. She is just a very flaud candidate. Thank God Trump won, Economy has never been better.
  • You are correct, the Obama campaign did use information-gathering techniques during his runs for office, but they did so using the Obama Campaign name, they did not do it via 3rd-party companies like the Steve Bannon-run Cambridge Analytica. This is freely available information which I heard cited on MSNBC last night, hardly a conservative media bastion. So mainstream media actually has talked about it. The Obama campaign was up front about it, not hiding behind 3rd parties. Big difference.
  • The "big difference " is that Republicans HAVE to hide behind a 3rd party, because facebook is run by Democrats and openly helped Obama. https://ijr.com/2018/03/1077083-ex-obama-campaign-director-fb/
  • I think places such as FB can still build a profile on you whether you use them or not. https://www.makeuseof.com/tag/doesnt-matter-youre-not-facebook-theyre-st...
  • Exactly. Trump won the election as much as Hillary lost it. Democrats should be ashamed and rallying behind someone right now getting ready for 2020, but all they want to do is point fingers, bash Trump and complain. That is not how you win. Oh yeah, and Facebook is garbage.
  • Excellent article. My personal view on social media has always been:
    1. I would never give out personal information to a social network.
    2. I have no need to advertise my life to friends or strangers. My life is my own. Sharing it with others online will not enhance it in any way.
    3. I prefer to be the user of a service, not the product. I have never had a Facebook, Twitter, Instagram etc. account even though I've been using computers for over thirty years. I just wonder how many others there are like me. Probably very few.
  • You’re right — very few people are like you (and me). I had a Facebook account for a very brief period after I moved to a new country and wanted to keep up with friends and family. But the “privacy” terms kept changing, and users weren’t properly notified, so I closed the account after a short while. Otherwise, I’ve had no interest in all of these “free” services. One, I just don’t see the real value of them in my life and two — and most importantly —, I absolutely do not trust any of them to safeguard and use appropriately the data I might provide. But let’s not fool ourselves — the vast majority of people don’t care or don’t care enough about privacy issues to abstain from using or using circumspectly online services.
  • Do you think your readers were influenced by Facebook ads? I mean, you bash the President, and keep enough readers to stay afloat, so most agree with that. So most of those weren't impacted by the ads. Let alone the Russians who posted PRO Bernie ones. And hosted a BLM rally the same day as a pro-Trump one. They're throwing us into discord, and you're falling for it.
  • Get over it. By the way this site is so terrible to navigate anymore
  • Agree the new design, along with the god awful full page ads make the site unbearable without the use of an ad blocker. I understand they need to make $$ but yikes.
  • We can't even make Equifax deal with an actual problem so there's no way anything substantial is going to happen because of this data that we freely provide them.
  • Terrifying? Really? How sad everyone is taking this story so seriously. If HRC had won, I'm sure the headlines and the storylines would have been about her brilliance of how she tapped social media for a commanding electoral victory. Just like they did when Pres. Obama won in 2012. Be Honest ... isn't all this fuss about the shock that Zuckerberg and company let down their Liberal brethren? Just once I'd love to see even pseudo journalists be honest in their offerings ... not to mention the oxymoron of stating ... "some excellent reporting by The New York Times" ... as if that were actually possible.
  • You could try a subscription service, www.idka.com (there is a free tier that offers 2gb storage). BTW, Obama was just as Facebook (working directly with Zuck) and media savvy if not more, but when he did it he was praised for the technique.
  • Total bullshit, Facebook handed over all their data to Obama during his election so saying they didn't expect their data to be used like that is a total lie. Every Candidate used it. It's amazing, the Dems are still trying to find an excuse why CROOKED CLINTON lost, she was a lousy candidate. She was lazy & She is a CROOK.
  • i found everything so funny. when an app or service is free how do they make money? selling data! google isnt so bad because we getting something in return. cloud storage, music , email and so on. sure they using it to collect data but better than facebook and twitter they offer nothing in return.
  • Thanks so very much for a very informative article. You have made it easy to decipher what has really happened. Kudos from one writer (who does not write in the tech or political space) to another.