In 2014 Cambridge Analytica began collecting people’s Facebook profiles for the purpose of influencing minds around Brexit. They were working on behalf of their client, Leave.EU, who shared how hiring Cambridge Analytica would help them “map the British electorate and what they believe in.”
Facebook says it wasn’t a security breach, but instead a breach of policy.
270,000 britons were paid a few dollars each to install a personality test app. It included a provision that allowed researchers to view participants’ friend profiles, increasing the dataset to over 50 million people. To their credit, Facebook noticed and tightened their platform to disable apps from accessing profiles of friends.
The harvested data was used in micro-targeting, where ads are made and information delivered to specific groups of people based on their personality. As part of the research agreement with Facebook, personal information was forbidden from commercial use and should have been deleted. Neither requirement was followed.
In their 2016 campaign, Team Trump spent $85 million on Facebook (not including all the fake news re-shared by people who didn’t know better or the ads foisted by allies). One pro-Trump Super PAC, Make America Number 1, also hired Cambridge Analytica.
By May 2017 it was clear that a fair amount of targeted information about Brexit had been the product of psyops–a form a psychological warfare.
“Capture their minds
and their hearts and souls
Psyops is not new. Commercials and pamphlets and misinformation have long been used to target and convince people of things that history has shown preposterous. During WWII, hundreds of families jumped off suicide cliff in Saipan because they believed the invading Americans would torture and mutilate them. The game may look different in the Information Age, but the tactics are traditional.
Since (and before) the 50 million Facebook profiles mined by Cambridge Analytica, hundreds of millions of people have been profiled through similar means, their personal info squirreled away in databases around the globe. If Cambridge Analytica has done it, others are bound to as well.
The potential for mass-breech is magnified by linked apps and games. Every online platform has an API: Application Programming Interface. An API is what allows Internet software developers to make apps that link with other apps and is, fundamentally, what makes the Web a web.
APIs allow you to email a picture from your phone, or for your Instagram posts to appear in your Facebook timeline. They make it so your news reader finds articles on topics you find pertinent. People have noticed how creepy it is when they’re shopping for something online then ads for that very thing show up in their Google or Facebook sidebar. And people have noticed how neat it is when they can view posts by people in their immediate vicinity, or play a game with friends thousands of miles away.
The beauty and danger of the web is interconnection. If you’re considering deleting your Facebook account, you might also consider deleting everything else: Twitter, LinkedIn, Instagram, iCloud, Amazon and nearly every other online social and shopping account including email like Yahoo, Hotmail, and of course Google.
While many folks are wary of the fine print that appears when authorizing an interconnecting app, many simply click “Accept” without pondering the risk.
The question isn’t whether we can trust these companies to keep our information private. We know that online privacy and actual personal privacy are different things. Nor is the question of which software developers linking apps with APIs are violating policy by storing, transferring, or re-using people’s data in a way they shouldn’t. It’s safe to assume there will always be some rule breakers.
And so the question is: what is your risk?
The face of privacy is changing. We want to be ourselves, and we want to be ourselves out loud. I like cute kittens and I enjoy playing Words With Friends. There, I said it.
In order to gauge risk you must ponder both the price and what you get in return. Not an easy thing to do with the pace of information technology. This is why so many people struggle with the question of whether they should #deletefacebook or even devote any time to learning how to navigate the intricacies of the Web.
There are many elements of risk in social media. Micro-targeting as part of psyops is one, and is more risky to susceptible populations in certain information-controlled environments. Identity or intellectual property theft is another risk, along with becoming a target for scams or even threats to personal safety. Other risks are less obvious: effect on career or friendships, time loss, vanity or embarrassment, and possibly most insidious: addiction to the dopamine jolt that comes from a “Like” or retweet.
Other elements of risk include the service you’re using, and how you’re accessing it. Joining public wireless from a hotel or coffee shop can be risky. Posts to Twitter are public for all the world to see. Snapchats can be saved by taking a screenshot. Posts on Facebook or Google set to a limited audience (even emails and “private” messages) pass through computers beyond your control. All of these carry an element of risk. Even the words you type and then delete in a search box could be captured and used to provide you with “better” search results. Same with the items you add to a shopping cart then remove.
The rewards are as varied as the risks. They range from general learning and improvement to community engagement; to staying in touch with distant friends and family and business contacts.
Your personal circumstances will determine your risk. It’s something only you can judge. If you’re not sure of the risk/reward for various online actions, try plotting them on a chart. Here’s a blank one you can print and put by your computer.
Fortunately there’s a general rule of thumb to guide you. Before you click the “Post” or “Submit” button, ask yourself: would I feel comfortable seeing this on the front page of the newspaper?
If the answer is anything on the scale from “OMG No!” to “mmm probably not” then you might think twice about whether or not the reward is worth the risk.
Once you put it out there, they will try to use it to sell you stuff. So you will need to be prepared to resist.