The way bad actors exploited Facebook during the 2016 election, and the way the company has responded so far, have thrust the social network into crisis and prompted an overdue reckoning with digital privacy and the ways social media has been used to distort everything from the way individuals receive and process information to democracy itself.
But it has also generated a lot of conceptual confusion about how the Internet works and the origins of the problems social media has exacerbated.
Hence, in early 2018, we find politicians and media figures spun into a tizzy about some things that are actually grotesque and meaningful, and other things that are merely fundamental to how the Internet works. We should pause for a moment to separate what we’re really outraged about from the more complicated tradeoffs the Internet of today confronts us with. There is a difference, after all, between subterfuge by bad actors seeking to exploit our divisions to benefit candidates and political interests and our broader disorientation over how fast the underlying business model of the Internet crept up on us.
The Cambridge Analytica scandal may be a watershed moment for Americans’ feelings on how our personal data is handled by our favorite websites. But the reality is that the economy on which our Internet is built is based on the collection, aggregation, and monetization of data derived from our day-to-day online activity.
The entire economic model for Facebook and other platforms is simple: You, the user, load it up with all sorts of information about you, and that information helps the platforms sell access to your eyeballs to advertisers and developers. If Donald Trump and Cambridge Analytica didn’t exist, we’d still eventually have to ask ourselves how much we want powerful corporations to know about us, what safeguards we should expect them to take with our information, and which online institutions provide services that are worth the privacy tradeoff.
Facebook CEO Mark Zuckerberg almost certainly didn’t start Facebook to empower malevolent forces in the world or to become a focal point of global political scrutiny.
”There’s no way I thought that’s what I’d be doing if we talked in 2004 in my dorm room,” he told the New York Times last week.
Suffice it to say, a lot has changed in the last decade and a half. Even in late 2008, when Barack Obama won the Presidency, a mere quarter of U.S. adults used any social media platform. The iPhone, introduced the previous year, was a novelty luxury device, and the very first Android devices launched only weeks before Obama was elected.
Four year later, ahead of the 2012 election, nearly 60% of the U.S. adult population used social media, and by 2016 the number reached almost 70%. By the time Donald Trump won the presidency, smartphone penetration topped 80% of all mobile phone users.
It’s hard to overstate the speed and the gravity of this change. The ways that Facebook and other platforms have enabled advertisers and developers to monetize their users’ data have created multi-hundred-billion dollar corporations. What the revelations of the past couple weeks have made clear is that our collective understanding of what happens to the data we create and provide the platforms we use has not kept pace with reality.
There are many reasons for people who oppose Donald Trump to be upset about Facebook and Cambridge Analytica and the other forces that aligned to help him win the election. Cambridge Analytica sought to incite fear and hatred to win a marquee election and build their business. Facebook sought to keep us clicking, driving user engagement metrics and growth, the byproduct of which gave divisive and contentious content much farther reach than it otherwise might have had.
But as Zeynep Tufecki wrote in the New York Times last week, the way Cambridge Analytica obtained and abused Facebook user data ahead of the 2016 election didn’t constitute a breach, as we generally understand the term. It’s actually how the system was designed to work. The websites and apps we visit track our activity. They see every link we click, every headline we linger on, every photo we upload, tag and like, every email we send and receive. This data collection creates upsides and downsides for users. It makes our experience on the Internet more personalized, more predictive, and free. Those targeted ads are what sit between you and having to pay $4.99 a month to use Pinterest.
On the other hand, it’s kind of creepy and ripe for abuse. So when we learn about egregious abuses, like Cambridge Analytica’s, we develop second thoughts about the tradeoff between being effectively compensated with “free” stuff for the digital information about ourselves we hand over to the services we use.
Cambridge Analytica pulled what was clearly a scam. It used a third party app run by a rogue academic to lure 270,000 U.S. users to download what looked like a “guess your personality type” quiz,” but was effectively malware. The app had the actual purpose of enabling the developers to mine a downloader’s entire Facebook profile, as well as those of the user’s entire “social graph” (the technical term for Facebook friends). This expansive set of data, most of it gathered and harvested without consent, totaled nearly 50 million profiles. It was then sold to SCL, the parent company of Cambridge Analytica, which used it to develop models designed to predict and exploit the fears and weaknesses of the entire U.S. population.
Set aside for a minute the dispute over whether this approach was effective at moving votes, and let’s focus on what was wrong about it. These bad actors intentionally misled people about what they were up to. They effectively bribed users with a few bucks to to “accept” permissions and hand over all their data and those of their Facebook friends. That’s certainly unethical. But this wasn’t even a violation of Facebook’s Terms of Service, which permitted developers to use the Social Graph API with few restrictions. (That policy changed in 2015, and this particular offense is no longer possible.) The only technical infraction that Cambridge Analytica et al committed was engaging in the commercial resale of this Facebook user data from the academic partner to SCL.
Notably, this is not what the Obama campaign did. In response to the outpouring of anger at Trump, Cambridge Analytica, and Facebook, a number of conservatives have attempted to argue that the Obama campaign did the same thing with data it accessed through its Facebook application in 2012, and that the current backlash is aimed at alleging a double standard by which Democratic campaigns are allowed to harvest social media data but Republicans are not.
That is utterly false. The Obama 2012 app did request that Obama supporters provide it with permissions to access their own profiles, as well as limited data from their social graph. The intent of this application was to match a supporter’s Facebook friends to the existing voter file, then feed back to the supporter the list of their friends that could use a reminder to vote so that the supporter could contact them directly. Obama for America not only had a laudable goal in mind—to encourage a real dialogue between real people who actually knew each other about the importance of voting—it also didn’t mislead its supporters about its aims.
(NB: I run a startup that buys digital ads, effectively serving as an advertiser. We adhere to high ethical standards, but we are certainly an interested party in restoring trust in a responsible, advertiser-funded model of the Internet.)
It is fair to ask whether Obama for America should have had access to any Facebook data in the first place, but this is where the argument departs from questions about the ethics of political campaigns and enters the realm of the obligations of Internet companies.
As Nicholas Thompson and Fred Vogelstein wrote in Wired last Tuesday, “Facebook knows everything about its users—but in some ways it knows nothing about its developers.” This is the key. While Obama for America used available data for what I believe to be noble purposes, with clear disclosure and intent, the availability of the data in the first place raises the question: Should we be giving thousands of developers the power to decide whether to use our personal data ethically, or do the platforms themselves have a responsibility to govern how our data gets used (or not)? Who should be held responsible when things go wrong?
People are right to be angry about what Cambridge Analytica did. Some of us are angry because the data they misused and should have never obtained may have contributed to Trump’s victory. But in Washington and elsewhere, that anger is bleeding into what should be a different debate over how to balance the tradeoffs between not having to pay for the websites we love and feeling overly surveilled by them. Who should be in the position of deciding who gets access to the data derived from our day-to-day online activity and what should their obligations be? How can we prevent fraud by bad actors while ensuring that innovation by good actors isn’t stifled? Can we set about answering those questions without letting interested or uninformed parties obscure where the problems actually lie by creating a false equivalence between ethical messaging—like asking people to urge friends to vote—and propaganda?
When the roiling debate of the last week returns to a simmer, I hope thoughtful policymakers, ethicists, and technologists will engage it in earnest. Because as much as folks want to #deletefacebook and end microtargeting as we know it, neither Facebook nor microtargeting are going anywhere soon, and the stakes, for the 2018 election and beyond, are too high to let these questions linger unanswered.
Michael Simon is the Co-Founder and CEO of Elucd, a GovTech startup based in New York City. In 2008, he led the data analytics department at Obama for America.