The Observer‘s front page today lays into Facebook for a massive ‘data breach’ in which 50 million Americans’ data were harvested by the infamous Cambridge Analytica and used with great effect to target Trump messaging at US voters. They “built models to exploit what we knew about them and target their inner demons” their whistleblower Christopher Wylie is quoted as saying. It was a powerful tool for a campaign based on fear and paranoia. Little surprise then that Cambridge Analaytica is also being investigated by the Office of the Information Commissioner and by the Electoral Commission in the UK in connection with their work on the Brexit referendum.
But the main Observer story oddly misses the point. It focuses on how long it took Facebook to own up to the ‘breach’ and suspend Cambridge Analytica’s access to the service. It describes the accessing of the data itself as “one of the tech giant’s biggest ever data breaches”.
But it wasn’t. And that’s not the importance of this story.
Anyone can harvest data from the web. I harvest it when I can’t remember someone’s birthday or their kids’ names. The Lib Dems harvest it indirectly when they use targeted Facebook advertising. My engagement team in a previous job harvested it using smart algorithms to find possible engagement targets, ironically, to promote better data, openness and transparency. The point is that all this information is out there and – a point confusingly referred to in the Observer piece – platforms like Facebook don’t regard it as their data but their users’ (“it may be data about people who are on Facebook that they have gathered themselves, but it is not data that we have provided”). Facebook’s suspension of CA appears to be because of technical breaches to their terms of use, particularly the sale of data to third parties.