Can Facebook be blamed for Cambridge Analytica?

Can Facebook be blamed for Cambridge Analytica?

Facebook’s user data is a powerful tool for marketing and research. What responsibility does the social network have when an app maker allegedly breaks its terms and lies about it?

Facebook is dealing with another controversy related to the 2016 US presidential election, and the fallout could have implications for how the social network treats data and the community of software developers who have access to it.

On Saturday, the New York Times reported that a firm called Cambridge Analytica, which worked with the Donald Trump campaign, harvested information from 50 million Facebook accounts without their permission.

How Cambridge Analytica got that data is where it gets complicated. It allegedly leads back to a Cambridge professor named Aleksandr Kogan, who created an app called “thisisyourdigitallife,” a personality quiz that was billed as “a research app used by psychologists.”

He legitimately gained access to information on 270,000 accounts through Facebook’s Login feature, which lets people use their Facebook account to log into outside apps so they don’t have to create new user names and passwords. At the time Kogan allegedly collected the information, Facebook allowed developers to also access information not only from the people who opted into the feature, but some other data about their network of friends. That added up to info from 50 million accounts, according to the New York Times. (Facebook changed its rules three years ago to stop developers from seeing information about people’s friends.)

So far, Kogan’s data-gathering was all above board and in compliance with Facebook’s rules.

But in 2015, Facebook learned that Kogan had passed on that data to Cambridge Analytica, Paul Grewal, Facebook VP and deputy general counsel, said in a blog post. When Facebook found out, the social network demanded Cambridge Analytica and Kogan destroy the data. Facebook said it received certifications they had complied.

Now, there are allegations not all the data had been destroyed.

In reaction to the controversy, Facebook’s most senior executives have been trying to stress that Facebook was deceived. Kogan shouldn’t have passed on the data, they said, and those involved shouldn’t have lied about deleting all of it.

“[Kogan] lied to those users and he lied to Facebook about what he was using the data for,” Facebook’s chief security officer Alex Stamos wrote in a now-deleted tweet.

But the dustup raises several questions about Facebook’s responsibility in all of this. Facebook’s trove of data on its 2 billion monthly users is a powerful tool. It helps millions of people connect with one another, while also helping advertisers send targeted ads based on what people put in their profiles.

To what extent is Facebook responsible for bad actors who abuse developer agreements? Could Facebook have done more to ensure the data had been destroyed — beyond accepting certifications it was deleted? How can the social network try to make sure other developers don’t pass on the data they collect to other parties?

Facebook didn’t respond to a request for comment asking the company these questions.

Still, critics put the blame squarely on the social network. “Facebook leaders think we are questioning their motives and sincerity. Hardly,” tweeted Siva Vaidhyanathan, director of the Center for Media and Citizenship at the University of Virginia. “We are calling them out on their policies, actions, and their consequences.”

For Facebook’s part, Grewal said in his blog post that Facebook has made changes to how it deals with developers in the last five years. For example, the need to undergo an app review that requires them to justify collecting certain types of date.

Read full information