The Cambridge Analytica Case Is A Red Herring

Uploaded on 2018-04-06 in NEWS-Cybersecurity News, FREE TO VIEW

Facebook is being hammered for allowing the data firm Cambridge Analytica to acquire 50 million user profiles in the US, which it may or may not have used to help the Trump campaign. But the outrage misses the target: There's nothing Cambridge Analytica could have done that Facebook itself doesn't offer political clients.

Here, in a nutshell, is the CA scandal

In 2014, Aleksandr Kogan, an academic of Russian origin at Cambridge University in the UK, built a Facebook app that paid hundreds of thousands of users to take a psychological test.

Apart from their test results, the users also shared the data of their Facebook friends with the app. Kogan sold the resulting database to CA, which Facebook considers a violation of its policies: The app was not allowed to use the data for commercial purposes.

Carol Cadwalladr and Emma Graham-Harrison, writing for the UK publication Observer, quoted former CA employee Christopher Wylie as saying the firm "broke Facebook" on behalf of Stephen Bannon, the ideologue and manager behind the Trump campaign.

It didn't escape keen observers that if the Trump campaign used Facebook user data harvested through an app, it did no more than Barack Obama's 2012 data-heavy re-election campaign.

It's not documented exactly how Obama's team gathered oodles of data on potential supporters, but a deep dive into the tech side of that campaign by Sasha Issenberg mentioned how "'targeted sharing' protocols mined an Obama backer’s Facebook network in search of friends the campaign wanted to register, mobilise, or persuade."

To do this, the protocols would need to use the same feature of the Facebook platform for developers, discontinued in 2015, that allowed apps access to a user's friends' profiles, with the user's consent, as Facebook invariably points out.

Let's face it: Users are routinely tricked to obtain such consent. Tech companies make giving it, or agreeing to complex terms of service, look like a low-engagement decision.

"Is it okay if we look at your friends' info?" they ask.

"Sure, why not? I want to take this nifty psychological test," we answer.

Afterward, only Facebook itself is interested in the legal minutiae of what permissions it gave to which developers. As far as everyone else is concerned, it doesn't matter whether an app gets the data for research purposes or for straight-up political ones. Average users worry more about convenience than privacy.

The relevant question, however, is what a campaign can actually do with the data?

CA's supposedly sinister skill is that it can use the Facebook profile information to build psychological profiles that reveal a person's propensity to vote for a certain party or candidate. When matched against electoral registers, targeted appeals are possible.

But no one should take the psychological profile stuff at face value. No academic work exists to link personality traits, especially those gleaned from the sketchy and often false information on Facebook profiles, definitively to political choices.

There is, however, research showing that values or even genetic factors trump traits. It's not even clear how traits affect political behavior, such as the tendency to vote and donate to campaigns: Some researchers, for example, have found a negative relationship between emotional stability and these measures; others have found a positive one.

This is not to say Facebook data, including data on a user's friends, can't be useful to campaigns.

The Obama campaign actually asked its active supporters to contact six specific friends suggested by the algorithm. So people reached million others, and, according to data from the campaign, 20 percent of the million actually did something like registering to vote.

But did the Trump campaign need CA and the data it acquired from Kogan to do this kind of outreach in 2016? Likely not. Facebook cut off the friends’ functionality for app developers because it wanted to control its own offering to clients interested in micro-targeting.

There's plenty of evidence that Brad Parscale, who ran the digital side of Trump's campaign, worked closely with Facebook.

Using the platform's "Lookalike Audiences," he could find people who resemble known Trump supporters. Facebook also has the capacity to target ads to the friends of people who have "liked" a page, a Trump campaign page, for example.

Targeting messages to millions of specific people without going directly through Facebook is messier and probably more expensive than using the social platform's own tools. All Facebook requires for access to its data trove is a reasonable fee.

Whether CA could add anything meaningful to Facebook's effort is unclear. Its previous client, the unsuccessful presidential campaign of Senator Ted Cruz, has said it didn't deliver on all its promises.

Some studies have shown that Facebook ads can work quite well for businesses. If they also worked for Trump, the CA story is a red herring:

It's Facebook's own data collection and the tools it makes available to clients that should be the target of scrutiny and perhaps regulation, both from a privacy perspective and for the sake of political transparency.

Information- Management:

You Might Also Read: 

Facebook’s Influence On UK Politics:

 

« Inside the Big Business Of Cyber Crime
Using GDPR Compliance To Excel At CRM »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Bittium

Bittium

Bittium provides proven information security solutions for mobile devices and portable computers.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.