The Cambridge Analytica Case Is A Red Herring

Facebook is being hammered for allowing the data firm Cambridge Analytica to acquire 50 million user profiles in the US, which it may or may not have used to help the Trump campaign. But the outrage misses the target: There's nothing Cambridge Analytica could have done that Facebook itself doesn't offer political clients.

Here, in a nutshell, is the CA scandal:

In 2014, Aleksandr Kogan, an academic of Russian origin at Cambridge University in the UK, built a Facebook app that paid hundreds of thousands of users to take a psychological test.

Apart from their test results, the users also shared the data of their Facebook friends with the app. Kogan sold the resulting database to CA, which Facebook considers a violation of its policies: The app was not allowed to use the data for commercial purposes.

Carole Cadwalladr and Emma Graham-Harrison, writing for the UK publication Observer, quoted former CA employee Christopher Wylie as saying the firm "broke Facebook" on behalf of Stephen Bannon, the ideologue and manager behind the Trump campaign.

It didn't escape keen observers that if the Trump campaign used Facebook user data harvested through an app, it did no more than Barack Obama's 2012 data-heavy re-election campaign.

It's not documented exactly how Obama's team gathered oodles of data on potential supporters, but a deep dive into the tech side of that campaign by Sasha Issenberg mentioned how "'targeted sharing' protocols mined an Obama backer’s Facebook network in search of friends the campaign wanted to register, mobilise, or persuade."

To do this, the protocols would need to use the same feature of the Facebook platform for developers, discontinued in 2015, that allowed apps access to a user's friends' profiles, with the user's consent, as Facebook invariably points out.

Let's face it: Users are routinely tricked into giving such consent. Tech companies make giving it, or agreeing to complex terms of service, look like a low-engagement decision.

"Is it okay if we look at your friends' info?" they ask.

"Sure, why not? I want to take this nifty psychological test," we answer.

Afterward, only Facebook itself is interested in the legal minutiae of what permissions it gave to which developers. As far as everyone else is concerned, it doesn't matter whether an app gets the data for research purposes or for straight-up political ones. Average users worry more about convenience than privacy.

The relevant question, however, is: What can a campaign actually do with the data?

CA's supposedly sinister skill is that it can use the Facebook profile information to build psychological profiles that reveal a person's propensity to vote for a certain party or candidate. When matched against electoral registers, targeted appeals are possible.

But no one should take the psychological profile stuff at face value. No academic work exists to link personality traits, especially those gleaned from the sketchy and often false information on Facebook profiles, definitively to political choices.

There is, however, research showing that values or even genetic factors trump traits. It's not even clear how traits affect political behavior, such as the tendency to vote and donate to campaigns: Some researchers, for example, have found a negative relationship between emotional stability and these measures; others have found a positive one.

This is not to say Facebook data, including data on a user's friends, can't be useful to campaigns.

The Obama campaign actually asked its active supporters to contact six specific friends suggested by the algorithm. So people reached million others, and, according to data from the campaign, 20 percent of the million actually did something like registering to vote.

But did the Trump campaign need CA and the data it acquired from Kogan to do this kind of outreach in 2016? Likely not. Facebook cut off the friends’ functionality for app developers because it wanted to control its own offering to clients interested in micro-targeting.

There's plenty of evidence that Brad Parscale, who ran the digital side of Trump's campaign, worked closely with Facebook.

Using the platform's "Lookalike Audiences," he could find people who resemble known Trump supporters. Facebook also has the capacity to target ads to the friends of people who have "liked" a page, a Trump campaign page, for example.

Targeting messages to millions of specific people without going directly through Facebook is messier and probably more expensive than using the social platform's own tools. All Facebook requires for access to its data trove is a reasonable fee.

Whether CA could add anything meaningful to Facebook's effort is unclear. Its previous client, the unsuccessful presidential campaign of Senator Ted Cruz, has said it didn't deliver on all its promises.

Some studies have shown that Facebook ads can work quite well for businesses. If they also worked for Trump, the CA story is a red herring:

It's Facebook's own data collection and the tools it makes available to clients that should be the target of scrutiny and perhaps regulation, both from a privacy perspective and for the sake of political transparency.

Information-Management:
