The Facebook Data Mining Scandal – What happened

Data Security | March 22, 2018

Facebook recently made headlines after news broke that the UK-based firm Cambridge Analytica had used a quiz app to gain unauthorised access to millions of user information. This latest Facebook data mining scandal has many calling for greater accountability and for high ranking officials to take the necessary measures towards greater data security.

 

Data ripped included users’ identities, their friend networks, and the various likes/interests from millions of Facebook users. Officials of both companies have asserted that nothing illegal has taken place, given that all users (inadvertently) gave consent by agreeing to the user conditions in the app. With social logins growing in popularity over the years as one of the most convenient means of accessing an application or platform, more users are opting to leverage this technology, which means the risk of unauthorized Facebook data mining is only going to increase.  

 

What exactly happened with the Facebook data mining scandal?

Before we go any further, it’s important to point out that this is not at all a fringe event – this happens all the time and Cambridge Analytica is not the only company to exploit this. In fact, a few years ago, Sandy Parakilas, a platform operations manager at Facebook who had the difficult job of monitoring and policing data breaches by third-party software developers, warned the company about such risks. In an interview with the Guardian, he warned senior executives at the company that its very relaxed and “turn a blind eye” approach to data protection placed all the platform’s users at risk of a major data breach.

However, since the main focus these days is on the breach/scandal as it pertains to Cambridge Analytica, let’s focus on that.

In short, what happened was that the political research firm was able to gain access to data belonging to over 50 million Facebook users through a third-party personality quiz application – the users had absolutely no knowledge of this and had not explicitly given consent for this to take place. Given Facebook’s policies at the time to hinder these types of activities, the quiz app was able to pass this information along to the firm, which then used the information to create detailed user profiles of Facebook users. They used this profiles to essentially develop micro-targeted political ads that were intended to sway users in favor of one candidate during the 2016 US Presidential elections.

While it’s a given that the ad-campaign likely had minimal impact on actually swaying voters, it is the principle and breach of data/confidence behind this event that has many people shocked.

 

Who exactly was impacted? 

What’s unique about this particular breach of data was that the Facebook data mining scandal did not just impact the users who took the quiz, but all their friends and other shared interests as well. Consider this for a moment – only 270,000 people downloaded the quiz app, however, over 50 million users had their information accessed.

This level of data compromisation means that any company, not just a political research firm, could gain such personal pieces of information, which could then be leveraged for various purposes – including targeted advertising.

The justification of people who side with Facebook, especially Facebook executives, on this particular issue is that (technically) “everyone involved gave their consent”, given that the minute a user accepted the infamous Terms and Conditions checkbox, they opened themselves up to having their data accessed. The only problem with this argument is that consent usually implies that users were aware that their data was being harvested – in this case, a huge majority did not.

 

– Special tip –

If you haven’t already done so or figured out how to do so, here’s how you can check which apps have access to your’s and your FB friends’ information.

Access Facebook through your desktop/laptop or via your mobile app, hit the drop-down menu on the top-right side and select “Settings”.

Next, select “Apps”, which should be on the left side of the page on desktop. On the mobile version, all you need to is scroll down the settings page.

Once you access this page, you will be able to see all the apps that have access to your personal data, like your gender, networks you belong to, your username, user ID, full name, your profile picture. You can also see which ones have access to your full friends list and any other public information on your profile. Surprisingly, most people have absolutely no clue how this works – despite having above-average tech savviness.

In the moment, selecting whether or not to use your social information to log in may seem like the convenient option, however, it’s always advised that you should carefully read and consider the terms of the app.

 

How can the IAME identification network completely transform/fix this?

Given that the IAME platform is all about heightening identity and data security/management, it goes without saying that decentralised fragmented approach would fundamentally transform how data is shared across the social platform – if it was implemented there.

Speaking about the recent data debacle, our Engineering and Entrepreneurship advisor, Oliver Oxenham, said it best – “If I consent an app to get my contact as well as my friends list, the app should not be able to contact my friends. Only me. Somehow, in this scenario, the app was able to gather a list of 50 million contacts with only 270k users. I think with IAME’s identity management, it would be easier for Facebook to provide users with the ability to share what they really want to share. In this case, maybe it would have been just my friends names and not their contact information”.

 

If you would like to know more about the Facebook data mining scandal, the blockchain space, and other related topics, stay tuned to our blog series. If you’d like to know about IAME and our upcoming ICO, please visit our website, read our white paper, and check out our road map. Feel free to contact a member of our team by visiting our  Facebook page, or by following us on Twitter.