“We have a responsibility to protect your data,
and if we can’t then we don’t deserve to serve you”.
This text is highlighted on the pages of the Facebook newsroom devoted to the Cambridge Analytica case, as they stood before the various updates made over time, and it accurately sums up a dual concept. On the one hand, the platforms on which we publish our information must ensure that it is available only to those we have authorized to see it. On the other, we must read this sentence as meaning that it is first of all we ourselves who have the responsibility to protect the information that concerns us, paying close attention to where we publish it and knowing well the rules of the various services. If we do not scrupulously observe the second aspect, a flaw in the information management system of an application will inevitably put our privacy at greater risk.
The Cambridge Analytica case, which broke out just over a month ago, has brought to light legal, political and even military problems concerning the use of the data that we share on the web and of Big Data in general. In a March 20 interview with the Italian newspaper Il Mattino, even the Italian Data Protection Authority said about the case: “With the information power that converges on a single recipient”, that is, on media companies like Facebook, “a new geography of powers is being created, which tends to change the nature of modern democracies”. The question is complex, so we will proceed step by step.
The Cambridge Analytica case
The Data Analytics and Political Consulting giant known to everyone as Cambridge Analytica is nothing more than a research project concerning a very specific field of science, Psychometrics. Its activity, while presenting aspects of dubious lawfulness, is not however the only case of profiling for political and commercial purposes. Due to the growth of Big Data, there are in fact many companies involved in this activity around the world.
Psychometrics is a very complex science that attempts to identify methods for understanding and measuring the attitudes, lifestyles, desires, tastes and so on of human beings (which we can define as the “psychographic profile”) through a series of questions and topics that are apparently banal and unrelated to each other, but which eventually produce results that can reveal the real intentions of the individuals under scrutiny. Through this science and the particular algorithms adopted (with a margin of error close to zero), Cambridge Analytica managed to index 300,000 users with their entire chain of contacts, reaching the point of drawing up the profile of almost 50 million voters and collecting an impressive series of their habits, attitudes and propensities to be resold to interested parties. It was one of the main tools in Trump’s campaign precisely because, through the elements provided by this company, the new president of America managed to recreate extremely precise micro-segmentations among voter catchments and then study them. At that point, through the use of banners, advertising messages and slogans, he succeeded in directing voters’ orientations towards goals that were congenial to him. Not only that: it seems that Cambridge Analytica also reached the point of fraudulently reading a person’s profile with all the respective likes, comments on posts and more, managing to obtain a database with an impressive series of psychographic elements.
For several reasons, the use of Big Data for profiling purposes is not recent
Neither is the sale of our data. As I mentioned at the beginning, there are many companies that deal with this. But why then did Cambridge Analytica cause so much fuss right now? The boil burst, in all likelihood, because it used users’ data for political purposes. Certainly, to all effects Cambridge Analytica represented a huge competitive advantage and a point of discontinuity in history. In fact, it will no longer be possible to think of an electoral campaign strategy that does not involve this type of micro-segmentation and strategies aimed at analyzing voters first and then influencing them. It seems no coincidence that in a video published on YouTube in 2016 (and never denied), the CEO of Cambridge Analytica at the time, Alexander Nix, claimed to be able to customize electoral messages thanks to psychographic profiles.
Another important aspect of the Cambridge Analytica case is the military one. It is inevitable that where large amounts of data about people, and especially about their beliefs, behavior and habits, are available through social networks and blogs, military circles can be attracted to experimenting with techniques for manipulating human actions and with new techniques of attack and defense. An article on “OpenDemocracyUK” entitled “Cambridge Analytica is what happens when you privatise military propaganda” explains how military propaganda has changed with technology and that you cannot understand the Cambridge Analytica scandal until you understand what its parent company does. In fact, the parent company of Cambridge Analytica is called “Strategic Communication Laboratories Defense (SCL)”, a company that deals with activities for American defense. According to various sources, it appears that the activities of SCL have included the massive acquisition of qualitative data as well as military disinformation campaigns and the targeting of voters, especially in developing countries. There were governments, political groups and companies among its clients. An interesting article in the Italian newspaper Il Manifesto explains in detail the military aspect of Cambridge Analytica, which it defines as the “civil operative arm of an American military contractor”.
According to a very recent report published on Wednesday May 2, 2018, by “The Wall Street Journal” and later confirmed by Nigel Oakes, founder of SCL, the media storm and damage to its image that hit Cambridge Analytica, with the flight of clients and the significant legal costs of the compensation claims that the company faces from many parties, led it to announce the cessation of activity and the commencement of bankruptcy procedures in Britain and the United States. Following this news, many have protested, fearing that it is a way of escaping legal proceedings and getting rid of “inconvenient” data. But the authorities have guaranteed that they will continue to investigate the acts committed by Cambridge Analytica and those of any company that follows it; in fact, it is believed that it wants to “recycle itself” under another name. They also ordered the company to keep all the data concerning the affair.
The chairman of the British Parliamentary Committee investigating the case, Damian Collins, has also spoken about the matter, stating that, with the bankruptcy, Cambridge Analytica and SCL Group cannot be allowed to erase data that are so important for ongoing investigations.
For its part, the directly interested party has however always declared its innocence. In a farewell communiqué, Cambridge Analytica itself said it had not acted illegally and that the activity under the magnifying glass is not only legal but widely accepted as a standard component of online advertising. Rather, it is the company itself that has been denigrated and accused unfairly.
The reaction of Facebook
Mark Zuckerberg, CEO of Facebook, admits his faults. He has taken an official stance on the affair that involved the data analytics company and has done so, as usual in situations like this, with a long post published on his Facebook page and in the Newsroom. “We didn’t do enough to prevent these tools from being used for harm. We didn’t take a broad enough view of our responsibility, and that was a big mistake”, Zuckerberg was to reaffirm about the violation of privacy, for which he assumes full responsibility and which already cost him several billion dollars with the first stock market crash.
Furthermore, he added, “we will work with the British Information Commissioner’s Office (ICO) to ask the University of Cambridge for information on the development of applications by its psychometric center, given the case and abuse by Aleksandr Kogan”, the Russian researcher from the same university who has collected millions of Facebook profiles.
The two hearings he then had at the US Congress brought no sanctions; instead, already at the end of the first, they gave him his best day of the last two years on the stock market, with a rise of 4.5% in Facebook’s shares. After them, we can well hope that Congress has understood the need to adopt new laws for regulating these delicate matters.
The missing rules
Zuckerberg has admitted, in fact, that at the present time “it is essential to give rules” to the Internet economy and to the use of personal data, openly appreciating the European Union’s GDPR and announcing that it will be a benchmark for the entire world. “What I appreciate about the GDPR”, said Zuckerberg, is that it “allows users to have control of the data they share with companies, understand what is being done with those data and possibly be able to erase them. There will also be special regulations for what concerns the technology of facial recognition of users”.
On March 21, 2018, he reported that 6 rules had been implemented to protect the information of Facebook’s users and avoid a repetition of what happened with Cambridge Analytica:
1) Review of the platform. Zuckerberg admits that it is not just Cambridge Analytica that has had access to user profiles. All the big companies that collaborate with Facebook, and individual applications, will have to be checked in order to understand what data they possess at present and, if necessary, be asked to delete them. We are talking about thousands of applications with as many servers involved. Zuckerberg undertakes to ensure that companies misusing information will be excluded from the platform.
2) Inform users about misuse of their data if they have been victims of wrongdoing. In addition, if an application is removed due to improper use of data, the Facebook CEO undertakes to inform all users who have used it.
3) Disable access to a user’s data for applications that the user has not used for three months in a row.
4) Limit access data (Login). From the next version of the social network, the information that an application can request in order to access the user’s social profile will be limited to first name, last name and e-mail. For any other information, authorization from Facebook will be necessary. This will be very important for restricting access to data by particular applications, such as quizzes, which demand a large amount of data.
5) Encourage better management of applications and improve the authorization system. Facebook will aim to make it ever clearer to users which applications are connected to their accounts and what authorizations have been given.
6) Reward those who find vulnerabilities. The Facebook bug reporting program will be implemented so that users can also report any data abuses they find by application developers.
The beginning of a new era for data protection
“We are at the start of a new era of data protection. The protection of individuals against unlawful use of their personal data on social media platforms will be one of our key priorities. A multi-billion dollar social media platform saying it is sorry simply is not enough”. These were the words of Andrea Jelinek, Chairman of WP29, the “Article 29” Working Group that brings together European data protection authorities, on the announcement that a working group on social media was being set up to define a long-term strategy in this field.
The website of Italy’s Data Protection Authority lists a series of interesting reports on the Cambridge Analytica case from March 20 to April 21, 2018.
Have our data been sold to Cambridge Analytica?
According to Zuckerberg, even his data have been shared with the Data Analytics and Political Consulting company. In fact, this was his reply to a direct question put to him by a Democratic Party deputy during the hearing in the US Senate on April 11. In any case, to know if our information has also been shared with Cambridge Analytica, just click on this link after having logged into the social network.
For Cambridge Analytica we cannot talk about scandal. The profile data of millions of users were not stolen but used inappropriately. Every day thousands of companies collect data from Facebook users with more or less legitimate applications and in a more or less legitimate way, unfortunately often authorized by users themselves. What is happening, however, which goes further and is dangerous, is a political and military use of data for manipulating democracy and influencing people’s knowledge and actions.
Today, therefore, in a situation of global profiling, which takes place in every sector of society, it has become increasingly important for network users to use the web consciously. The conscious use of technology is a subject that is dear to Cyber Security experts, but it should not be their concern alone: this awareness must be brought to all levels of society, so that more and more users of the network are conscious not only of the opportunities but, above all, of the risks that it presents.