Facebook Analytica

On the surface, Facebook is an incredibly powerful platform that allows people around the world to communicate by sharing text statuses, pictures, messages, and cash. The average person spends over 50 minutes a day on Facebook, and Facebook is looking to increase that duration by making its services even more engaging. However, behind the scenes, Facebook is a surveillance machine designed to do one thing: gather as much data as possible about its users. This data has driven the multi-billion dollar advertising business that Facebook relies on. But as Facebook amasses more and more data, the way it handles that data begins to have real-world consequences.

These consequences became abundantly clear in March when The New York Times and The Observer of London published reports on the behavior of an election campaigning firm called Cambridge Analytica. A researcher working on Facebook’s platform published a quiz that users could take in exchange for a few dollars in 2014. However, users who completed the quiz gave the researcher access to not only a vast collection of their personal data, but that of their friends as well. This included people who did not take the survey or agree to its terms. Facebook allowed the researcher access to this trove of data as long as it was not shared or sold.

However, this restriction was not enforced, and the researcher sold the personal data of as many as 87 million Facebook users to Cambridge Analytica. Cambridge Analytica then used this personal data to create psychological profiles to target political advertising to users more likely to be swayed by the ads. Moreover, the number of elections influenced by this data is unclear, as the firm, led by right-wing donor Robert Mercer, is said to be fighting “a culture war” in America.

It’s easy to blame Cambridge Analytica for its improper acquisition of millions of Facebook users’ data. However, while the firm was responsible for procuring the data, it was Facebook’s negligent approach to protecting users’ data that ultimately allowed this misuse to occur. Facebook’s vague privacy rules allowed its users taking quizzes to inadvertently sign away the data of all their friends. And Facebook allowed this data to fall in the hands of third parties despite a 2006 pledge that the company would never share or sell any users’ data.

Facebook has long been having trouble with keeping its users’ private data private. For example, in 2010, the Electronic Frontier Foundation found that anyone could get access to all of a profile’s data, even private data, using techniques called "connections" and "instant personalization," which utilized liking company profiles or public pages to expose data. While Facebook has since patched these loopholes along with more recent ones, it has already exposed millions or even billions of profiles to third parties. According to Facebook CEO Mark Zuckerberg, every Facebook user with a public profile should assume their data has been scraped, or automatically found and recorded, due to a now-discontinued Facebook feature allowing people to search for profiles using a phone number or e-mail address. This vulnerability allowed bots to use lists of e-mails and phone numbers to extract vast amounts of data. Facebook has recently removed that feature, but for millions of public users, it’s already too late to protect their data.

Despite Facebook’s inadequacy in ensuring that its users’ data remains safe, it is continuing to collect more and more of it. Using its Facebook and Facebook Messenger mobile apps, the company has collected the viewing habits, conversations, and locations of millions of users. In the wake of the Cambridge Analytica scandal, increased public scrutiny revealed that Facebook has been silently collecting the contacts, call logs, and plain text messaging histories of millions of Android users since 2014. And every webpage that a Facebook user likes sends information about that user’s web browsing habits to Facebook.

Yet this data isn’t sufficient for Facebook, which is positioning itself to acquire an ever more complete picture of its users’ lives. Its acquisition of the social media platform Instagram in 2012 meant it could grab even more pictures, messages, and location data off its users. Its purchase of the messaging app Whatsapp meant that users avoiding Messenger could still be tracked by Facebook. And newer acquisitions like that of the virtual reality firm Oculus mean that Facebook is set to control even more of what its expanding user base sees, from messaging apps to social media to new immersive experiences.

Even when this ever-increasing store of data isn’t being irresponsibly shared by Facebook, it still has the power to manipulate and harm its users. Facebook disclosed a psychological experiment in 2014, in which it used its data to manipulate users’ news feeds in an attempt to affect their emotions, ultimately succeeding in making them happier or sadder, an effect which spread to friends not involved in the experiment. The experiment was carried out without any explicit consent, with only a broad license for such manipulation buried in Facebook’s Terms of Use, and was widely considered unethical by the psychological community. And Facebook is striving to use its data to create ads and experiences that are ever more irresistible, manipulating users into spending more time and money on its platform.

As Facebook’s vast user surveillance has come under increased scrutiny, a campaign has mounted for Facebook users to delete their accounts. Unfortunately, for most users of the social media network, that isn’t a viable option. For millions of Americans, Facebook and Instagram are their main ways to connect to friends and family around the world. And as virtual reality moves into the mainstream, users may be unable to avoid Oculus’s services and products.

Even when users feel ready to pull the trigger and exit the platform, Facebook uses its extensive data to lure them back. As the University of Pennsylvania reported, “When one of us tried deactivating her account, she was told how huge the loss would be—profile disabled, all the memories evaporating, losing touch with over 500 friends.” Facebook has successfully entrenched itself into billions of lives, with free reign to use those users’ data as it sees fit.

That data can be used in a symbiotic manner, allowing consumers to receive free services and more relevant ads, as well as creating revenue for Facebook. However, the massive extent of data collected by Facebook has emboldened it to use the data in ways that violate users’ real-world privacy. For example, prior to the Cambridge Analytica scandal, Facebook had planned to use its data in combination with anonymized data in a research partnership with several major U.S. hospitals, a plan that Facebook users didn’t sign up for either on Facebook or at their hospitals. Facebook’s broad license to collect and use data has encouraged a recklessness that wouldn’t be present with more limited data collection.

With the rise of de facto monopolies such as Facebook, the government has the duty to step in and protect its citizens’ data. The EU is preparing to enforce its new privacy regulations known as the General Data Protection Regulation (GDPR). These regulations severely limit companies’ ability to arbitrarily collect users’ data that isn’t necessary to provide their services. In addition, the GDPR doesn’t permit analyzing data in ways other than those necessary to directly provide consumers with services. Nor does the GDPR allow companies to share data without explicit user permission, not just in terms buried in rarely read privacy policies.

Facing increased user backlash, Facebook has pledged to follow these regulations worldwide, not just in the EU. However, such a move would likely slow Facebook’s financial growth, and Facebook has shown it is willing to violate its users’ confidence in order to collect more data and make more money. B y adopting regulations similar to the GDPR, the U.S. government could ensure that companies such as Facebook and Google respect and protect their users’ data. It’s time for Facebook to face the consequences for its data misuse.