The New York Times and The Observer of London posted a blockbuster investigative piece revealing that Cambridge Analytica, the firm brought on by the Trump campaign to target voters online, used the data of tens of millions of people obtained from Facebook without proper disclosures or permission.
In the wake of this report, it’s more than past time for Mark Zuckerberg to testify to Congress about Facebook’s role in the 2016 election and why he believes existing privacy laws are adequate to protect Americans from misuse and abuse of technology platforms.
And I mean Mark Zuckerberg. Not a Facebook lawyer, like the company sent to Congress last year for hearings on how fake news swamped tech platforms like, oh, Facebook. As Minnesota Sen. Amy Klobuchar tweeted:
“This is a major breach that must be investigated. It’s clear these platforms can’t police themselves. I’ve called for more transparency & accountability for online political ads. They say ‘trust us.’ Mark Zuckerberg needs to testify before Senate Judiciary.”
The investigation published by the Times revealed that Cambridge Analytica, after receiving $15 million from conservative donor Robert Mercer in 2014 to micro-target voters, obtained the information to do so in a questionable way. A British professor collected the information from Facebook, saying he was conducting an academic personality study. He did get the approval of about 270,000 people who signed up to take part in the study — they were told their information would be used. He did not, however, get the permission of the users’ friends, whose information was also gathered — an estimated 50 million people.
It’s not just that such an action is unethical. It might well be a violation of an agreement Facebook made with the federal government. Two former employees of the Federal Trade Commission have now told The Post that it’s possible that Facebook violated a 2011 agreement with the agency to notify and offer users an out when there is an effort to use their personal information in a way not in line with their privacy settings. This agreement was reached after consumer groups complained that Facebook was cavalier with personal information.
So back to Cambridge Analytica. When Facebook found out, courtesy of a 2015 piece in the Guardian, that Cambridge Analytica and British academics had information on many users that agreed to such a collection, it demanded the information be destroyed. This did not happen. Facebook cited this when pressed on the latest revelations by the Times, claiming that the companies that misused the data “certified to us that they destroyed the data in question.”
(Facebook has announced that Cambridge Analytica agreed to a digital audit to prove it destroyed the disputed materials. The British professors involved in using the data also agreed to an audit.)
And so, after the Times published its piece, Facebook didn’t own up to what happened. Instead, its executives have gotten into multiple spats with reporters and others over whether the Cambridge Analytica incident is a “breach” or a mere misuse of personal information, since some (but not all!) the people whose data was involved did give permission for their data to be taken and the company was not actually hacked. Facebook’s motive for this is almost certainly legal and regulatory. As Bloomberg notes, a “breach” is a specific term that requires the company to notify users their information was illegally accessed.
But there is quite possibly a bigger motive. Painting Cambridge Analytica as the villain is an attempt to get Facebook off the hook for its ongoing role in everything from other invasions of privacy to the ongoing complaints about its role in spreading fake news in the 2016 election. If one or two rogue companies such as Cambridge Analytica — and not Facebook — are responsible for this mass misuse of data, perhaps the company can say more regulation is not needed.
But don’t fall for the idea that Facebook is not the problem. This is hardly a first-time offense for Facebook, which — a reminder — allowed fake news to flood the feeds of many users newsfeeds in the months leading up to the 2016 elections.
In fact, Washington perhaps should have gotten interested in Facebook well before the Trump election contretemps. Over time, Facebook has indulged in numerous instances of dodgy behavior. There was the time Facebook altered news feeds to study whether they could impact the mood of people on the platform. There was the reveal that its platform permitted ad buyers to target people with such delightful terms as “Jew hater.” And the discovery that Facebook made it possible to target housing ads to whites only.
Whether this latest scandal was a breach or a misuse of information is irrelevant. It was wrong. Zuckerberg needs to explain — slowly and clearly and without legal terminology or whiny excuses — what went wrong at the company he founded in his Harvard dorm room and what steps the company is taking to make sure it never happens again.
My suspicion? He can’t do that. Instead, a Zuckerberg appearance will demonstrate the need for significant federal regulation of the large technology platforms. No wonder it hasn’t happened yet.
Helaine Olen is a contributor to the Plum Line blog and the author of “Pound Foolish: Exposing the Dark Side of the Personal Finance Industry.”
The Washington Post