The Cambridge Analytica Case Is A Red Herring

Facebook is being hammered for allowing the data firm Cambridge Analytica to acquire 50 million user profiles in the US, which it may or may not have used to help the Trump campaign. But the outrage misses the target: There's nothing Cambridge Analytica could have done that Facebook itself doesn't offer political clients.

Here, in a nutshell, is the CA scandal:

In 2014, Aleksandr Kogan, an academic of Russian origin at Cambridge University in the UK, built a Facebook app that paid hundreds of thousands of users to take a psychological test.

Apart from their test results, the users also shared the data of their Facebook friends with the app. Kogan sold the resulting database to CA, which Facebook considers a violation of its policies: The app was not allowed to use the data for commercial purposes.

Carole Cadwalladr and Emma Graham-Harrison, writing for the UK publication Observer, quoted former CA employee Christopher Wylie as saying the firm "broke Facebook" on behalf of Stephen Bannon, the ideologue and manager behind the Trump campaign.

It didn't escape keen observers that if the Trump campaign used Facebook user data harvested through an app, it did no more than Barack Obama's 2012 data-heavy re-election campaign.

It's not documented exactly how Obama's team gathered oodles of data on potential supporters, but a deep dive into the tech side of that campaign by Sasha Issenberg mentioned how "'targeted sharing' protocols mined an Obama backer’s Facebook network in search of friends the campaign wanted to register, mobilise, or persuade."

To do this, the protocols would need to use the same feature of the Facebook platform for developers, discontinued in 2015, that allowed apps access to a user's friends' profiles, with the user's consent, as Facebook invariably points out.

Let's face it: Users are routinely tricked into giving such consent. Tech companies make giving it, or agreeing to complex terms of service, look like a low-engagement decision.

"Is it okay if we look at your friends' info?" they ask.

"Sure, why not? I want to take this nifty psychological test," we answer.

Afterward, only Facebook itself is interested in the legal minutiae of what permissions it gave to which developers. As far as everyone else is concerned, it doesn't matter whether an app gets the data for research purposes or for straight-up political ones. Average users worry more about convenience than privacy.

The relevant question, however, is what a campaign can actually do with the data.

CA's supposedly sinister skill is that it can use the Facebook profile information to build psychological profiles that reveal a person's propensity to vote for a certain party or candidate. When matched against electoral registers, targeted appeals are possible.

But no one should take the psychological profile stuff at face value. No academic work exists to link personality traits, especially those gleaned from the sketchy and often false information on Facebook profiles, definitively to political choices.

There is, however, research showing that values or even genetic factors trump traits. It's not even clear how traits affect political behavior, such as the tendency to vote and donate to campaigns: Some researchers, for example, have found a negative relationship between emotional stability and these measures; others have found a positive one.

This is not to say Facebook data, including data on a user's friends, can't be useful to campaigns.

The Obama campaign actually asked its active supporters to contact six specific friends suggested by the algorithm. So people reached million others, and, according to data from the campaign, 20 percent of the million actually did something like registering to vote.

But did the Trump campaign need CA and the data it acquired from Kogan to do this kind of outreach in 2016? Likely not. Facebook cut off the friends’ functionality for app developers because it wanted to control its own offering to clients interested in micro-targeting.

There's plenty of evidence that Brad Parscale, who ran the digital side of Trump's campaign, worked closely with Facebook.

Using the platform's "Lookalike Audiences," he could find people who resemble known Trump supporters. Facebook also has the capacity to target ads to the friends of people who have "liked" a page, a Trump campaign page, for example.

Targeting messages to millions of specific people without going directly through Facebook is messier and probably more expensive than using the social platform's own tools. All Facebook requires for access to its data trove is a reasonable fee.

Whether CA could add anything meaningful to Facebook's effort is unclear. Its previous client, the unsuccessful presidential campaign of Senator Ted Cruz, has said it didn't deliver on all its promises.

Some studies have shown that Facebook ads can work quite well for businesses. If they also worked for Trump, the CA story is a red herring:

It's Facebook's own data collection and the tools it makes available to clients that should be the target of scrutiny and perhaps regulation, both from a privacy perspective and for the sake of political transparency.
