The Cambridge Analytica Case Is A Red Herring

Uploaded on 2018-04-06 in NEWS-News Analysis, FREE TO VIEW

Facebook is being hammered for allowing the data firm Cambridge Analytica to acquire 50 million user profiles in the US, which it may or may not have used to help the Trump campaign. But the outrage misses the target: There's nothing Cambridge Analytica could have done that Facebook itself doesn't offer political clients.

Here, in a nutshell, is the CA scandal

In 2014, Aleksandr Kogan, an academic of Russian origin at Cambridge University in the UK, built a Facebook app that paid hundreds of thousands of users to take a psychological test.

Apart from their test results, the users also shared the data of their Facebook friends with the app. Kogan sold the resulting database to CA, which Facebook considers a violation of its policies: The app was not allowed to use the data for commercial purposes.

Carol Cadwalladr and Emma Graham-Harrison, writing for the UK publication Observer, quoted former CA employee Christopher Wylie as saying the firm "broke Facebook" on behalf of Stephen Bannon, the ideologue and manager behind the Trump campaign.

It didn't escape keen observers that if the Trump campaign used Facebook user data harvested through an app, it did no more than Barack Obama's 2012 data-heavy re-election campaign.

It's not documented exactly how Obama's team gathered oodles of data on potential supporters, but a deep dive into the tech side of that campaign by Sasha Issenberg mentioned how "'targeted sharing' protocols mined an Obama backer’s Facebook network in search of friends the campaign wanted to register, mobilise, or persuade."

To do this, the protocols would need to use the same feature of the Facebook platform for developers, discontinued in 2015, that allowed apps access to a user's friends' profiles, with the user's consent, as Facebook invariably points out.

Let's face it: Users are routinely tricked to obtain such consent. Tech companies make giving it, or agreeing to complex terms of service, look like a low-engagement decision.

"Is it okay if we look at your friends' info?" they ask.

"Sure, why not? I want to take this nifty psychological test," we answer.

Afterward, only Facebook itself is interested in the legal minutiae of what permissions it gave to which developers. As far as everyone else is concerned, it doesn't matter whether an app gets the data for research purposes or for straight-up political ones. Average users worry more about convenience than privacy.

The relevant question, however, is what a campaign can actually do with the data?

CA's supposedly sinister skill is that it can use the Facebook profile information to build psychological profiles that reveal a person's propensity to vote for a certain party or candidate. When matched against electoral registers, targeted appeals are possible.

But no one should take the psychological profile stuff at face value. No academic work exists to link personality traits, especially those gleaned from the sketchy and often false information on Facebook profiles, definitively to political choices.

There is, however, research showing that values or even genetic factors trump traits. It's not even clear how traits affect political behavior, such as the tendency to vote and donate to campaigns: Some researchers, for example, have found a negative relationship between emotional stability and these measures; others have found a positive one.

This is not to say Facebook data, including data on a user's friends, can't be useful to campaigns.

The Obama campaign actually asked its active supporters to contact six specific friends suggested by the algorithm. So people reached million others, and, according to data from the campaign, 20 percent of the million actually did something like registering to vote.

But did the Trump campaign need CA and the data it acquired from Kogan to do this kind of outreach in 2016? Likely not. Facebook cut off the friends’ functionality for app developers because it wanted to control its own offering to clients interested in micro-targeting.

There's plenty of evidence that Brad Parscale, who ran the digital side of Trump's campaign, worked closely with Facebook.

Using the platform's "Lookalike Audiences," he could find people who resemble known Trump supporters. Facebook also has the capacity to target ads to the friends of people who have "liked" a page, a Trump campaign page, for example.

Targeting messages to millions of specific people without going directly through Facebook is messier and probably more expensive than using the social platform's own tools. All Facebook requires for access to its data trove is a reasonable fee.

Whether CA could add anything meaningful to Facebook's effort is unclear. Its previous client, the unsuccessful presidential campaign of Senator Ted Cruz, has said it didn't deliver on all its promises.

Some studies have shown that Facebook ads can work quite well for businesses. If they also worked for Trump, the CA story is a red herring:

It's Facebook's own data collection and the tools it makes available to clients that should be the target of scrutiny and perhaps regulation, both from a privacy perspective and for the sake of political transparency.

Information- Management:

You Might Also Read: 

Facebook’s Influence On UK Politics:

 

« Inside the Big Business Of Cyber Crime
Using GDPR Compliance To Excel At CRM »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Software Testing News

Software Testing News

Software Testing News provides the latest news in the industry; from the most up-to-date reports in web security to the latest testing tool that can help you perform better.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

RapidScale

RapidScale

RapidScale’s managed cloud solutions provide reliable, innovative, and secure services, all complete with white-glove service and full management options.

Secure Ideas

Secure Ideas

Secure Ideas is focused on penetration testing and application security including web applications, web services and mobile applications.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Vectra AI

Vectra AI

Vectra threat detection & response - see and stop threats across hybrid and multi-cloud enterprises.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Kaesim Cybersecurity

Kaesim Cybersecurity

Kaesim are a global team of cybersecurity experts protecting businesses since 2015. We stop bad people damaging your business, your data and your reputation.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.