Can Facebook be trusted with your personal info? Voter harvesting scheme shows perils for users

facebook
Credit: CC0 Public Domain

Can Facebook be trusted with your personal information?

That's the question many Americans are asking after revelations that a data-mining firm working for the Trump campaign improperly got its hands on the personal information of tens of millions of Facebook users and created detailed profiles that were used to target unsuspecting voters in the presidential election.

For many, the incident raises troubling new questions about how Facebook manages third-party access to the sensitive information of its 2 billion users, including what safeguards the social media giant has in place to prevent apps from sharing information and whether it has any way of knowing when it's shared more broadly than intended.

Facebook says a researcher, Cambridge University's Aleksandr Kogan, gained access to the data of 270,000 Facebook users in 2013 through a personality quiz app that required Facebook users to grant access to their personal information including friends and "likes."

According to Facebook, he then gave that information to Cambridge Analytica, the firm that claimed it helped President Trump win the 2016 election. The Trump campaign says it did not use data from Cambridge Analytica.

Facebook says the transmission of data to Cambridge Analytics was a violation of its rules and, on Friday, it suspended the firm. On Monday Facebook announced that Cambridge Analytica had agreed to an independent audit by a digital forensics firm. But the auditors were turned away by the UK Information Commissioner's Office, which is pursuing its own investigation.

Before apps gain access to Facebook users, the Silicon Valley company says it conducts "a robust review" to determine if apps have a legitimate need for users' data. It also noted it has restricted how much personal information outsiders can obtain since the Cambridge Analytica incident.

"We actually reject a significant number of apps through this process. Kogan's app would not be permitted access to detailed friends' data today," Facebook said.

It's unclear if that statement will assuage worried users. It certainly hasn't lowered the political heat in the U.S. and Europe, where calls are intensifying for new regulations.

And on Monday the markets reacted.The nearly 7% plunge in Facebook shares led a sell-off in tech stocks.

Cambridge Analytica "is another indication of systemic problems at Facebook," Pivotal Research analyst Brian Wieser.

Those systemic problems have dramatically worsened since the presidential election, with Facebook coming under intense fire on multiple fronts: Russian operatives using Facebook to manipulate voter sentiment during the presidential election, Facebook accounts spreading "fake" news, the potential for its advertising system to be used for racist targeting and its slow response to violent or harmful content on the platform.

Wieser says he does not believe the latest public relations nightmare will dent Facebook's advertising business because advertisers are unlikely to suddenly pull back on spending.

And that's the problem, says Jeffrey Chester, executive director of the Center for Digital Democracy.

"The Cambridge Analytica scandal gives us a glimpse of how Facebook makes billions of dollars off of our personal information without ever dealing with the consequences," said Chester, a longtime privacy critic of Facebook.

Tapping the personal information people freely share on the social network to target advertising is the special sauce that has turned Facebook's business into one of the world's most powerful and lucrative. But it's also Facebook's greatest weakness, making it vulnerable to criticism from privacy activists, regulators and lawmakers.

Over the weekend, U.S. and British lawmakers and privacy activists slammed Facebook, with some demanding that Facebook chief executive Mark Zuckerberg personally appear at legislative hearings.

In 2007, Facebook gave third parties who created an app on the Facebook platform access to the personal information of Facebook users including friend lists, interests and "likes." The move coaxed more people to join Facebook and spend more time there, fueling the rapid rise of the social network from 58 million users to more than 2 billion.

Marc Rotenberg, president of the Electronic Privacy Information Center, says the Cambridge Analytica incident is a textbook violation of the settlement Facebook reached with the FTC in 2011 which required that Facebook users give permission before their data was shared beyond the privacy limits they set on Facebook.

That news, which broke over the weekend, didn't seem to rattle Facebook users, who have shrugged each time the Silicon Valley company has played fast and loose with their privacy.

John McGrath, who says he rushed to delete his Facebook account when he heard the news, didn't end up pulling the trigger. He says a four-year-old photograph of his daughter playing the piano stopped him in his tracks.

"It feels like the Gambinos have hijacked my family album," McGrath, a 48-year-old software developer and product manager from San Francisco who works for Amazon, wrote in a Facebook post.

So instead he removed all the identifying information he could: where he lives, works, where he went to school, family relationships, contact information and more.

"You can't do psychometric profiling with no data," McGrath said, "so I'm taking my data back."

Explore further: Facebook launches audit of data leaked to Trump consultant