As social media platform Facebook and CEO Mark Zuckerberg face growing questions about privacy and data security, experts say the incident might spur broader scrutiny of how the tech industry mines and monetizes users’ personal information in a way past moments of controversy have not.
The latest criticism comes after news reports revealed how data firm Cambridge Analytica used a Facebook app to collect data on millions of users without their knowledge and used that information to create millions of psychological profiles for President Donald Trump’s campaign during the 2016 election cycle. Potentially troubling data harvesting practices are not exclusive to Cambridge or to Facebook, though.
“This data trend didn’t start yesterday,” said Luke Hopkins, director of the Center for Retail Innovation at Florida State University. “This has been going on for a while. Facebook, I think they were in the wrong place at the wrong time and they’re going to be the sacrificial lamb.”
This is far from Facebook’s first privacy scandal. Complaints about Facebook policy changes and use of personal data have forced public apologies from Zuckerberg at least six other times since 2006.
In the past, his contrition was generally accompanied by changes to privacy settings, more transparent disclosure of permissions, or walking back whatever updates had sparked anger. This week, Facebook again rolled out efforts to make privacy settings more user-friendly, but lawmakers and the public do not seem satisfied.
“Each time, the public starts to understand a little bit better what data is being collected from them and how that data is being used,” said Elizabeth Cohen, an assistant professor of communication studies at West Virginia University who studies media psychology and parasocial interaction.
The current tempest may be different than the rest, in part because it is inextricably linked to the contentious results of a heated presidential campaign and a president who many Americans distrust and dislike.
“Where I think this is different is it was used to help influence a political campaign,” said Brian Krupp, a professor at Baldwin Wallace University who leads a team of researchers developing solutions for mobile security and privacy.
He also noted the scale of the data harvesting. While only 270,000 people downloaded the quiz app, that granted Cambridge access to the data of nearly 50 million other users who did not consent.
“What caused this to go from one of the other hundreds of thousands of companies, apps [collecting private data], that use of data is that it was linked to a very controversial political outcome,” Hopkins said, and it was an outcome that impacts all Americans.
The Cambridge Analytica story followed a year of steady revelations about how Russian trolls weaponized Facebook and other social media platforms to divide and deceive Americans during the 2016 campaign. Members of Congress and the public continue to debate what impact those efforts may have had on voters.
“We’re hearing it after years of Americans learning how Facebook can be gamed,” said Gennie Gebhart, a researcher at the Electronic Frontier Foundation, noting that past reporting on Cambridge ‘s data practices in Britain had gone largely unnoticed in the U.S.
Cambridge’s actions are certain to remain in the spotlight because of the company’s ties to Trump reelection campaign manager Brad Parscale. Continued digging into the company’s practices has also raised questions about its ethics and use of data in other circumstances.
“People are more awake than ever to this devil’s bargain of turning over our time and privacy in exchange for services,” Gebhart said.
The controversy has also caused some outlets to reexamine how the Barack Obama and Hillary Clinton campaigns collected Facebook data. Fox News reported Fridaythat users of Clinton’s campaign app gave it permission to integrate their phone contacts with their Facebook friend lists to send out texts promoting the candidate.
A Clinton spokesperson stressed that the app merely allowed users to contact their friends about the campaign and dismissed comparisons to Cambridge Analytica’s behavior as “the difference between someone asking you to carpool versus them stealing your car.”
Cambridge Analytica executives, Parscale, and Trump campaign officials have denied that their data collection involved anything improper.
Adding to Facebook’s PR woes, BuzzFeed this week obtained a 2016 memo written by Vice President Andrew Bosworth that literally argues that the company’s growth is more important than preventing terrorist attacks.
“Maybe it costs a life by exposing someone to bullies. Maybe someone dies in a terrorist attack coordinated on our tools,” he wrote. “And still we connect people. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is *de facto* good.”
Zuckerberg has issued a statement disavowing the memo’s contents.
"Boz is a talented leader who says many provocative things. This was one that most people at Facebook including myself disagreed with strongly. We've never believed the ends justify the means," he said.
In a statement Thursday, Bosworth insisted he also did not agree with that view when he expressed it and was only trying to spur internal debate.
"Having a debate around hard topics like these is a critical part of our process and to do that effectively we have to be able to consider even bad ideas, if only to eliminate them," he said.
Facebook remains at the center of the harshest media spotlight, but the latest wave of privacy concerns has already spread beyond the social network. While Zuckerberg is facing several invitations to testify before Congress, the Senate Judiciary Committee is casting a wider net.
Chairman Sen. Chuck Grassley, R-Iowa, has scheduled a hearing for April 10 on “the future of data privacy and social media.” In addition to Zuckerberg, Google CEO Sundar Pichai and Twitter CEO Jack Dorsey have also been called upon to testify.
Members of the committee are already talking about new regulations, fines, or court orders as possible remedies to curtail privacy infringement by tech companies.
A lot of competitors have stayed relatively silent as Zuckerberg faces the heat for Facebook’s transgressions, but Apple’s Tim Cook has come out swinging. At an MSNBC town hall set to air next week, Cook dismissed a question about what he would do in Zuckerberg’s place, asserting that he would never be in such a situation because Apple does not sell its users’ data like ostensibly free services like Facebook do.
“If we monetized our customer, if our customer was our product, we could make a ton of money,” Cook said. “We've elected not to do that.”
There is some truth to that. According to Natalie Bazarova, director of the Social Media Lab at Cornell University, the cycle of privacy controversies we seem to be stuck in is born of the internet’s “original sin,” the ad-driven revenue model.
“This is not limited to Facebook, but goes much deeper because major Internet companies have business models built on collecting information about their users and their behaviors so that they can accurately target ads to them,” she said. “So it's in their best interests to allow users to continue unwittingly share data, and to allow third parties to take advantage of it.”
Whether Facebook or anyone else faces sustained consequences this time around is hard to predict. Some who see a much more systemic abuse of user privacy at play fear that Facebook will take the fall in the public eye and others who are worthy of scrutiny will slink away unscathed.
“Facebook might be the platform you love to hate, but this is not just Facebook,” Gebhart said.
A recent Guardian column by data consultant Dylan Curran detailed some of the 5.5 GB of data Google has quietly collected on him over the years, including maps of every location he has been since first using Google on his phone, a complete history of everything he ever searched on any device, every YouTube video he has watched, and details of every app and extension he has used.
“I don’t think Facebook deserves any sympathy or anything, but I do think they’re a scapegoat of a larger issue…. They’re sort of the public face of all of these things,” Cohen said.
Facebook regularly asks users to “like” or otherwise react to content. Credit cards, grocery card club stores, and other websites often collect data quietly and passively, and the use of that information can be a bit more nebulous.
“You look at retail, data collection is a massive thing,” Hopkins said.
What could expand the reach of the scandal, according to Krupp, is if something happens to make users aware of what companies besides Facebook are doing with this information. People often say they have nothing to hide, but they may not understand the depth of the profiles companies can create with data as simple as their location and browsing history.
“If consumers were really concerned about privacy, they wouldn’t use Google services, they wouldn’t use LinkedIn, they wouldn’t use Twitter,” he said.
It is unclear if society would allow the dominos of data collection to fall and drag down other companies at this point, or if consumers would even want them to. As Americans become more reliant on social media for communication and dependent on e-commerce for shopping, it may already be too late to close the door on the data being shared.
“In a sense, it is realistic to say the genie is out of the bottle,” Gebhart said.
At the same time, she cautioned against “privacy nihilism.” Users can minimize the exposure of data they do not want made public, especially if companies take steps to make privacy settings easier to find and navigate.
However, she and other experts say the sharing of data with social media platforms or retailers is not inherently dangerous if users can be assured some degree of accountability and transparency for how the information is handled.
“You can’t do anything in the world without leaving behind data,” Cohen said. “The only thing we can do is a society is decide what we’re comfortable with in terms of putting some rules around what is done with that data.”
Hopkins also observed that many users like having sites like Amazon or Netflix provide personalized recommendations based on their data crunching.
Going backward may not be an option, but going forward with more openness and engagement about privacy settings and data sharing is.
“On the tech companies' side, they should make their data sharing and advertising policies much clearer to users, be more transparent about what data are shared with apps and third parties, and make privacy settings easier for users to understand and modify,” Bazarova said.
Even if the Cambridge Analytica scandal does not have repercussions on the scale some privacy advocates would like, they hope it will at least leave users with a heightened awareness of what social networks, technology companies, retailers, and advertisers are doing every minute they are browsing online.
“When it comes to the internet, there's no free lunch,” Bazarova said. “If you're not paying for a product or service with cash, you're paying for it with your data.”