News broke out globally in recent days of yet another data compromise involving Cambridge Analytica. Founded in London, Cambridge Analytica is a data analytics company that specializes in behavioral microtargeting, i.e., understanding your personality and exploiting that. The scandal involved the misuse of 50 million Facebook profiles to produce specific types of messaging in relation to, among others, the US election last 2016. The modern Edward Snowden of our times, Chris Wylie, came out as the whistleblower.
The end goal was simple: to find out the mental vulnerabilities of an individual and then curate content to trigger hopes and fears via specific campaign messaging in order to persuade a decision to achieve the target outcome. In this case, it was to vote for Donald Trump.
In order to do this, they would have to have access to massive amounts of data, create algorithms and produce the data sets. Cambridge Analytica then tapped Aleksandr Kogan, a Cambridge University researcher. Kogan created an app – thisisyourdigitallife – to get information on personality traits and social media behavior. Allowed with data access from Facebook, given that he is in the academe – and the assumption that this will be used for academic purposes – this was the gateway of Cambridge Analytica to gain access to millions of users. Worse, this access also allowed Cambridge Analytica to mine the data of the user’s network (friends of friends and others), exponentially making this exercise blow up to massive proportions.
To visualize this, think of a person who has an affinity to a certain religion or denomination. The public comments made about this, location, pages that have been liked, and so on and so forth are used effectively and efficiently to ensure that when the same individual comes across (or is persuaded to click) a particular content, whether it’s a blog or a website or whatever online platform, the messaging that he will encounter will convey and trigger the desired emotion to eventually lead to a targeted decision. It could be to support a particular cause or vote for a particular candidate.
What is the issue in this case? The issue stems from the fact that first, the data was not used for academic purposes. Secondly, the process violated the sharing or transfer of data to another third party (Kogan to Cambridge Analytica) for commercial purposes.
How does this impact you and me?
The thought process to be had here taking a step back is that given that this happened a few years ago, one wonders why Facebook has not announced such data compromise. As of the moment they have not acknowledged that this has been a data breach but one would recall how Yahoo and Uber later on came forward after a few years acknowledging that they have been victims of data breaches and hacks as well. From a data privacy perspective, it should concern everyone using social media that personal information has been compromised and who knows what else will be done to make use and monetize that information.
What can we learn out of this?
There are practical lessons to think about and mull over, such as:
Awareness is key. Notice how almost all the apps we download require access to so many things from our mobile phones. From our contact lists, our gallery of photos, SMS, etc. Same thing with using apps that are integrated to Facebook – many of us unknowingly give access to our information on Facebook just because we would like to know our unicorn name. Just remember that these apps are not after delighting you and making sure you will have the ultimate user experience; they are after you and your information. So, think twice before you allow access to the apps you download.
The terms of service, legal notices and other disclaimers are written in what could be the smallest font ever. It is designed that way so that users like you and me will not have the time nor the energy to read through the fine print so we click right away and accept the Ts and Cs because we are too excited to share with the world the photos and videos of our amazing holiday we had in South America. Remember that we are all products of these platforms; the fact that we use these services for free is already a red flag on what they intend to do with the information we share.
Review your privacy settings. Two things you can immediately do: disable the apps others use so your information is not captured by anyone in your network and turn off the apps that connect to your platform. Keep in mind that disabling these would turn off your access to apps using your social media login. You can always opt to use an unidentifiable email address instead.
This Facebook data compromise clearly shows how technology can be misused with none of us ever knowing it happened. Consent is important but if that consent is given unknowingly with just a click because of a bait, or a trojan horse, it is increasingly becoming clear how government should step in and take action. For us individuals, awareness has never been more important than now and a careful review of our online behavior is essential if we want to protect our information.
Kay Calpo Lugtu is an executive of a multinational business process outsourcing company. She is likewise the deputy director of Global Chamber Manila. Her advocacies include data privacy, financial literacy, and nation-building. The author may be reached at email@example.com or, to the more cautious now, at firstname.lastname@example.org. Opinions expressed here are her own.