Journal Club Review – Privacy and Big Tech

June’s journal club was lead by Amanda Hurley (Postdoc in Jo Handelsman’s Lab). Journal club review was also written by Dr. Hurley.

This past month, the CaSP journal club met to discuss the recent privacy complaints against Facebook from Congress and consumers alike. How could anyone forget this iconic image. Mark Zuckerberg, CEO of Facebook, called in to testify before Congress in April 2018 and getting his photo taken by a million reporters. But how did we get to this point? Why does Congress even care if Facebook is collecting data on the birthdays of its users?

The answer begins with the intractable relationship between privacy and security. In 2014-2015, there was a huge push in Congress to pass cybersecurity laws that beefed up training, research, and dissemination of cybersecurity threats. Some laws passed with flying colors like the Cybersecurity Enhancement Act of 2014. Other laws, such as the Cybersecurity Info Sharing Act in 2015, were much more contentious. The law passed, but barely, with strong opposition from many industries such as Apple, IBM, Microsoft, Google, Amazon and, you guessed it, Facebook.

 

In brief, the new law allowed private sector companies to monitor and implement defensive measures on their own information systems to counter cyber threats. In other words, private companies are now encouraged to hand over any information to the government on employees or users who are potentially a cyber threat. Companies, such as the above mentioned, rallied against the law touting their passionate devotion to the privacy of their users and employers and suggested this law was actually a government surveillance tactic.

In January of 2017, we swore in a new president. Nearly a year later (January 17, 2018), the Senate held a hearing titled “Terrorism and Social Media #IsBigTechDoingEnough?” There were two major topics of the hearing: 1. Preventing posts from terrorists and 2. Russian interference in the election. The takeaway from topic #2 was that the Russia is playing by the rules of social media platforms to spread suspicion and apathy in democracy and the US government. In March, a NY Times article was published that revealed Facebook was privy to a pervasive data breach that may have impacted the election of Trump. The problem was this: Global Science Research, a contractor for Cambridge Analytica (US political consulting company) sponsored a survey that required the downloading of the Facebook app. Once downloaded, the survey-taker’s data and the data of all of their friends was accessed. Global science research insisted the data would be used for “academic purposes.” In reality, the data was used to build 5 personality traits that helped target political advertising. Within three months, Facebook was implicated in two huge scandals involving the 2016 elections.

Now, incredibly, this story broke years ago in 2015, but up until now Facebook has insisted there were no wrongdoings. What caught the Senate’s eye was that Facebook moved to suspend Cambridge Analytica from Facebook because the company lied about deleting the user data. The Senate committee promptly sent out letters to Zuckerberg and Cambridge Analytica’s parent company, Strategic Communication Laboratories (SCL), demanding information on the types of data, sharing of data, and terms of service for the original survey app. A few days later, the Senate requested Zuckerberg testify, leading to the infamous photo shoot.

 

I’m not entirely sure what the Senate got out of that testimony. And frankly, I think they were also unsatisfied because they sent Zuckerberg a second letter when another NY Times article revealed that not only was Facebook securing deals to provide app developers with data, but it was also brokering deals with device-makers themselves. Again, your Blackberry, Apple, or Samsung device (and 57 more manufacturers) has access to your name, picture, about information, current location, email address, and the private messages of you, your friends and your friends’ friends. It doesn’t exactly seem like Facebook is upholding the sanctity of privacy as it claimed in 2015 during the cybersecurity legislation.

 

Again, Facebook insists there is no misconduct. Users agree to data access in the terms of service and privacy agreements, which is entirely true. But there are two major, potentially illegal repercussions. The first is the access to your friends’ data who did not sign your personal terms of service. Second, once the data is acquired by an app or a device, who owns it? Can the app sell the data to another company? Is Facebook responsible if the downloaded data is misused as with the Cambridge Analytica debacle?

What about users? Unfortunately, by all our own admittance at CaSP journal club, we rarely read terms of agreements and they’re hard to understand. These major social media platforms forming niche monopolies that we have become dependent on. We suggest the best option is to incentivize these companies, through the federal government, to protect privacy. And simply, targeting ads for political services should be illegal. While privacy has always been a concern, we never saw the consequences play out, until now. Freedom is important, obviously, but bad actors are taking advantage of lax social media regulations to post propaganda and terrorism. Social media companies have the responsibility to change the rules so bad actors are no longer assisted in their global culture war.