How much should we care about Cambridge Analytica, and how much were Facebook to blame?
One of the things that’s struck me over the recent weeks has been the reaction to the recent leaks coming out of Cambridge Analytica. In my eyes, Facebook’s argument about there not having actually been a ‘data breach’ holds true; but there are still certain questions we should be asking ourselves around what digital citizenship looks like, and how much privacy can we expect in a world of ever faster processing speeds and with the barrier to entry being consistently lowered.
Back in 2016, an old colleague approached me about an idea that he was working on with a group of guys I knew. It was a social media listening tool that could be used to help political parties better scope their messaging and a ‘machine learning’ element to ensure that the lessons could be learned much faster than traditional methods. A noble aim, and nothing too out of the ordinary. A natural development from traditional manual-based process to a digitally-augmented solution. Bread & butter.
It’s worth re-articulating what these previous methods were:
- Workshops with different segments of voters to test messages.
- Cold-calls, to get feedback and test these message.
- Doorstepping, to get face-to-face feedback and understand what was affecting the key segments of voters that you hope to switch.
I don’t think there’s many people that would object to the digitisation of these efforts, especially those that had to attend or manage what I’d imagine to be fairly tedious focus groups…
So, fast forward to the digital sphere and suddenly we’ve got a whole load of new information that can be cross-referenced to find out new causal relationships. One of the key elements of the Cambridge Analytica scandal was the way in which they could segment your political beliefs based on the things you’d ‘liked’. Frankly, in the analogue world any doorstepper who got invited into a lounge for a cup of coffee could have glanced up a bookshelf to do the same thing - still a bit creepy, but limited in depth.
After posting on Facebook a little ‘well done’ to all my connections around not having filled out the “My Digital Life” questionnaire, therefore not sharing my data with CA, I got some fairly pragmatic feedback:
"Thank God - imagine what CA could have done with the info that you'd watched "My Sister's Keeper" 5 years ago and wrote a blog post about panic buying carrots in 2013..."
Well, I can only agree with the sentiment. This is not a Facebook problem. I happily posted about “My Sister’s Keeper” on this blog a few years ago, and yes, I did panic buy carrots and that’s here too. Looking back at my internet history (for those of you wanting to waste some time and googling me), you’ll also see I posted about Sting’s concert on the night of September 11 2001. I’ve got a digital identity that’s fairly immutable - much of what I’ve posted I no longer have access to accounts to delete, and nor do I particularly want to.
Ultimately this shouldn’t be a question of about what we post up to Facebook or not. I did it in full knowledge that anything on my profile was public domain. Facebook storing a history of my private messages, yeah that’s a bit of a different question but still part-and-parcel of online life. Alternatives are available.
Do Facebook have a responsibility to their users? Possibly, but ultimately their chief responsibility is to their shareholders. Agree or disagree, they’re the facts and that the incentivisation to think about when you’re making a decision of where you put your content.
Do I think there’s a place for regulation?
What regulation needs to do is articulate what ‘private’ should mean online. Most people I speak to are surprised when I point out the most email is completely public. It passes through server-to-server with little protection from anyone reading it. Whatsapp on the other hand at least encrypts your messages so that you at least know which parties have access to your message - you, your receipients, and Whatsapp/Facebook. My suggestion would be that services need the equivalent of the SSL ‘Secure’ seal which defines what ‘private’ really means - but I expect (in the same vein as SSL certificates) that this will cost in the short term until the innovators catch on and find a way to reduce these costs.
Cambridge Analytica did what they did, and right now there are probably hundreds, if not thousands of organisations trying to replicate their data. All Facebook did was reduce the difficult ahead that of their competition. The level of access that you can get on an individual user based on their Facebook profile is indeed significant, but by cross-referencing anything about my digital identity online you could probably come up with as significant a profile on many people. Don’t get bogged down in vitriol about the immediate tactical response, but think longer term about the right strategy to hand over the internet to the next generation of netizens.