Here is my summary of what I've been writing on my blog for the last few weeks while the Cambridge Analytica/Facebook controversy was brewing.#
There are two stories, advertising and world domination#
The first story: targeted advertising. Facebook has an ad system, a web app like Facebook itself, where people enter credit card information, keywords and demographics to determine who sees their ad. They don't get any information about the users this way.#
The second story: Facebook's API. This is how Cambridge Analytica got the data.#
In 2010 Facebook announced with huge fanfare and press coverage that they were opening up Facebook's data to developers. They called it The Social Graph. They would accumulate every fact in the world, and turn that into a platform for developers.#
They weren't doing this out of the goodness of their heart, though there is some of that (seriously, not kidding). This is how tech companies achieve dominance. They capture developers and potential competitors by being the environment everyone makes software for. We become part of their ecosystem, they control us. I'm sure Bill Gates and Steve Jobs schooled him on how to do this. It's how power is expressed in tech.#
Equifax was a bonafide breach. The information captured was what you need to impersonate people in financial transactions. 148 million identities.#
In 2008, the US government had a massive data breach of veterans data, 70 million records. Again the kind of data that can be used to impersonate people to steal money. #
We're not sure all that has leaked through the Facebook API. In the last few days people have been saying that direct messages, which feel very private, were shared through the API. If so, yes this was a breach. However everything else was pretty well disclosed.#
The reason it's a shock is the press failed to report on it in 2010 and after. Facebook does a thorough job of disclosing it to users. Zuckerberg was being dishonest in other ways in his testimony, but in this respect, he was being truthful. Not necssarily kind or fair, however, because they, like everyone in tech, are aware that users don't understand what they're giving up.#
Not much. Every developer that has access to the Facebook API, and it's more or less open to the world, any of them could have done what CA did. The API been around for 8 years, and in that time companies formed solely to use the data that you can get through the API. Many of them. #
An analogy. CA as a crisis would be like saying a leaky faucet in Manhattan is a crisis. The crisis could be all the leaky faucets everywhere. The intersection of CA with Facebook, while it sounds big is actually pretty small in comparison to the actual scope of the problem.#
Because I am a developer who uses the same API as CA I knew what was going on. #
Even so -- as a Facebook user -- I tried some of the data capture services that masquerade as tests and quizzes. But relative to Equifax, other credit companies, doctors I've used, banks, many of which have had real data breaches, Facebook really doesn't have much if any info that isn't already out there. #
It's really hard to find much damage done to users here. Much less so than with Equifax or NARA, for example. #
Facebook is a silo, and that's bad for freedom, but it is a place where a lot of speech happens, so there are First Amendment issues with regulating Facebook. #
Yes. On privacy disclosure, and prohibiting the most draconian uses of user data. It should not be possible for users to give those rights up in exchange for use of a social system like Facebook. The idea is similar to the law in California that says that most non-competes are not enforceable. The benefit you receive has to be somewhat equivalent to the data you give up. #
This affair should get users, government and the press to look at other tech companies who have business models based on getting users to disclose ever-more-intimate information. Here are some examples.#
Google, through Android, knows every place you go. They use that data. Do they sell it? I don't know, but I'm pretty sure you can use it to target ads. Apple, through the iPhone also knows where you go.#
Apps on Android or iPhones can be told where you go. Many of them are only useful if you let them have the info. Apps can also have all your pictures, contacts. Face recognition makes it possible to construct a social graph without any access to the Facebook API.#
Google and Apple can listen to all your phone calls.#
Google, through their Chrome browser, knows everywhere you go on the web, and everything you type into the browser. #
Amazon Echo and Google Home are always listening. Imagine a leak based on conversations at home, phone calls, personal habits, arguments you have with your spouse, kids, any illegal activities that might be going on in your home. #
If you have a Gmail account, Google reads your mail, and targets ads at you based on what you're writing about. They also read the email that people send to you, people who may not also be Gmail users. Some examples of how creepy this can be -- they seem to know what my investments are -- I assume they figured this out through email. Recently they told me when a friend's flight to NYC was arriving. I don't know how they made this connection. I assume it was through email.#
Amazon, of course, knows everything you buy through Amazon. #
And on and on. We've reconstructed our whole society around companies having all the data about us that they want. It's kind of funny that we're all freaking out about Cambridge Analytica and Facebook. The problem is so much bigger. #
It seems like a non-event to me. The press knew all about the API going back to 2010. That they didn't foresee the problem then is a result of the press accepting the hype of big tech companies on their terms, and not trying to find out what the implications of technology are from non-partisan experts. This was a story that could have and should have been written in 2010, warning users of a hidden cost to Facebook.#
Today's scandal, the equivalent of the one in 2010, is that Google is attempting to turn the web into a corporate platform. Once they control the web as Facebook controls the Social Graph, we'll have another impossibly huge problem to deal with. Better to head this one off with regulation, now, when it can do some good. #