Facebook and Cambridge Analytica are the two main actors in an enormous data privacy scandal that touches on the Trump campaign, 50 million Facebook users and even two presidential elections in Kenya. It’s complicated, so here’s a breakdown.
Why are Facebook and Cambridge Analytica in the news?
In a nutshell, because the personal data of 50 million people was pulled from Facebook by a company contracted by Cambridge Analytica and used for … we’re not sure exactly what. The third-party firm (Global Science Research) used a clicky personality quiz to get people to interact with the app, which then used a loophole to pull all the behind-the-scenes data of that user, and also the same data relating to all their friends — typically 200-300 other people per user.
Facebook issued a press release Friday saying they had banned Cambridge Analytica, Aleksandr Kogan and Christopher Wylie from its platform because they had improperly shared and failed to delete that data, but that seems to have been a pre-emptive move. Late on Friday, The Guardian published a detailed interview with whistleblower Christopher Wylie, a former Cambridge Analytica staffer, who was involved in building its data operations to scrape user data from Facebook.
The Guardian claims Facebook threatened to sue to keep the story under wraps, while Cambridge Analytica said it was working within the terms and conditions of Facebook’s platform, and that the third party was to blame for any breach of trust or privacy.
On Monday, Channel 4 News, a U.K. outlet, published a video in which they went undercover, posing as a prospective client of Cambridge Analytica, who pitched its election-influencing capacity to Channel 4, complete with bribery stings, social media manipulation and truth-bending propaganda.
Who’s the bad guy in all this?
Depends on your point of view. Cambridge Analytica, through a third party contractor, definitely made the most of the tools available to them to mine Facebook for every ounce of data it could reach without breaking the law, and may have used that data beyond the scope of what was permissible.
Global Science Research, that third party, were the ones who crafted the personality quiz for maximum efficacy, and actually did the data extraction.
But the spotlight is certainly on Facebook for permitting that loophole to exist in the first place, for failing to protect its users’ personal data, and for not acting, nor being transparent about it when they knew there had been problems. They knew in 2015 — Friday’s statement was their first acknowledgement there was a problem, more than two years later.
Who is Christopher Wylie?
Christopher Wylie is the whistleblower, an early employee of Cambridge Analytica who detailed their data-scraping techniques in a bombshell interview with The Guardian from his experience putting it into practice. Wylie was one of the actors banned from the platform by Facebook, something he says is regrettable.
“They seem really pissed off,” Wylie told CBS News on Monday. “I don’t think they’ve handled it well — they haven’t done anything on this for two years, And now they have banned me.”
Wylie said that he was seeking to cooperate with Facebook ahead of the article going live. “We were going to work on this in a cooperative manner — there’s obviously a lot of issues that need to be discussed — but you know, I didn’t set out to crusade against Facebook — suddenly they issue this press release and ban me.”
Was this a data breach?
Not in the classic, sense, no, in that the data wasn’t stolen in a hack. Nobody broke into somebody’s account and pilfered data. But that’s what makes it so worrying — they didn’t have to. Facebook, through its app protocols at the time, allowed an organization to rifle through users’ accounts willy-nilly and take their personal data without any real informed consent.
Facebook executives earned widespread internet scorn for trying to defend the company on that technicality. Sure, it may be correct to say it wasn’t a breach, by dictionary definition, but for 50 million end users, the net effect was the same. Their data was taken without their knowledge, potentially to be used against them.
Should I be worried?
That depends on your point of view. Facebook says it’s working to ensure that all the data extracted is no longer in circulation,or stored anywhere that could be hacked. But what’s more important is to stay informed on what the apps you use do with your data. Facebook profiles its users, their likes and interests in minute detail to help advertisers and other groups — like political action groups — reach them and convince them to vote, buy things and take certain actions. If that seems concerning to you, learn about your security settings and consider limiting your use of platforms that allow more access to your information than you’re happy with.
Here are some things you can do, per TechRepublic’s Dan Patterson, to keep your data secure:
- Enable two-factor authentication on all of your accounts.
- Don’t click links in your email and instead copy/paste URLs.
- Check your email header to make sure inbound email is from known URLs.
- Beware of phishing attacks that look legit.
- Don’t enter your username and password anywhere.
- Use a password manager like LastPass or 1Password to create and store long complex passwords.
© 2018 CBS Interactive Inc. All Rights Reserved.