FACEBOOK is caught up in a data breach controversy that saw info on 50 million users exposed – but what actually happened?
Here’s a simple guide to the Facebook data breach fiasco.
What’s the Facebook data breach controversy about?
This weekend, a report by The Guardian revealed that a company called Cambridge Analytica had harvested the personal data of 50 million Facebook profiles.
This information was allegedly used to map out voter behaviour in 2016 for both the Brexit campaign and the US presidential election.
Cambridge Analytica is a British company that helps businesses “change audience behaviour”, and supposedly helped get US President Donald Trump elected.
How was the Facebook data harvested?
Back in 2015, a Cambridge psychology professor called Aleksandr Kogan built an app called “thisisyourdigitallife”.
The app was a personality quiz that asked Facebook users for information about themselves.
Kogan’s company Global Science Research had a deal to share info from the app with Cambridge Analytica.
Roughly 270,000 Facebook users signed up and took personality tests.
But the app also collected the information of each user’s Facebook friends, who couldn’t possibly have provided consent.
Related: How to delete Facebook
How did we find out it happened?
We only know about this because a Cambridge Analytica whistleblower exposed the whole ruddy affair to The Guardian.
Christopher Wylie said: “We exploited Facebook to harvest millions of people’s profiles.
“And built models to exploit what we knew about them and target their inner demons.
“That was the basis the entire company was built on.”
Around 50 million people are believed to have had their data harvested without their permission.
And the New York Times reports that copies of the data are still available online.
What was the data used for?
Cambridge Analytica are a data analysis company that anyone with enough money can hire.
In this instance, the data they sourced from Kogan was allegedly used to help Trump get elected, and to boost the Brexit campaign.
The company used the data to build psychological profiles of Facebook users, to create better political campaigns that could sway their views.
Wylie explained: “It is a full-service propaganda machine.
“If you can control all of the streams of information around your opponent, you can influence how they perceive that battle space, and you can then influence how they’re going to behave and react.”
Has Facebook responded?
Facebook has flatly denied that the fiasco was even a data breach.
They say Kogan’s app picked up information in “a legitimate way”.
However, they admit that their rules were violated when the data was sold on to Cambridge Analytica.
In a series of now-deleted tweets, Facebook’s security boss called The Guardian’s story “important and powerful”.
But he went on: “IT is incorrect to call this a ‘breach’ under any reasonable definition of the term.
“We can condemn this behaviour while being accurate in our description of it.
“The researcher in question, Aleksandr Kogan, enticed several hundred thousand individuals to use Facebook to log in to his personality quiz in 2014. He lied to those users and he lied to Facebook about what he was using the data for.
“However, Kogan did not break into any systems, bypass any technical controls, or use a flaw in our software to gather more data than allowed.
“He did, however, misuse that data after he gathered it, but that does not retroactively make it a ‘breach’.”
So why are people angry at Facebook?
The problem is that Facebook knew about the harvested data since 2015, but supposedly did nothing to protect users.
The social network tracked down the groups that the data had been given to, and asked them to delete it.
But Facebook didn’t enforce this, and had no way of knowing whether the data was actually deleted.
Also, Facebook didn’t tell users whose data had been harvested, which could be illegal in the UK and USA.
Facebook Data Policy – what do they know?
Facebook admits collecting the following data…
- Things you do when you use Facebook
- The information you provide to Facebook
- The information other people submit about you, including info, photos, and messages sent to you
- Your networks and connections
- Information about payments made through Facebook
- Device information about the gadgets you use to access Facebook
- Location information, uncovered through your device
- Information from websites and apps that use Facebook services
- Information from third-party partners, like advertisers
- Information from Facebook-owned companies, like WhatsApp and Instagram
In a blog post, Facebook said: “Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted.
“We are moving aggressively to determine the accuracy of these claims.
“If true, this is another unacceptable violation of trust and the commitments they made.”
Are you safe?
Sadly, there’s no way to know if your data has been harvested right now.
The good news is that the information being harvested is technically public, because it’s on your Facebook profile.
That means you probably don’t need to worry about being scammed or hacked as a result of the alleged breach.