The frightening extent to which technology companies have been harvesting our data finally came to light with the Cambridge Analytica scandal. Worse than just raping your personal information from your Facebook profile, the data they stole wasn’t just used to sell you stuff: It was manipulated to sway public opinion through deceit and disinformation. Yes, in large part we have Facebook to thank for the election of Donald Trump and the proliferation of "fake news," and finally the illusion that tech companies are idealistic, “do no evil” entities (as Google’s slogan used to claim) has been shattered. The public now knows these companies are not your friends – they are peeping toms keeping detailed tabs on your life and reaping profit at the expense of your privacy. But is any of this really new?
The Cambridge Analytica Outrage
In the recent Cambridge Analytica scandal, it was revealed that hoards of user information had been scraped and used for the purposes of political disinformation. Now that the public has realized the severity of the problem – with upwards of 80 million Facebook users falling victim – the global backlash against Cambridge Analytica has been swift and powerful, causing the billionaire-owned company this week to shut down and file for bankruptcy. A bit of a pyrrhic victory, especially since the majority of Facebook's users have already had their data and privacy violated in so many ways.
However, rather than face up to its problems, CEO Mark Zuckerberg instead spewed a flurry of excuses and platitudes to the public. When called to testify several weeks ago before Congress, Zuckerberg didn't really own up to his mistakes or take responsibility for his company's illegal actions. From the security of his booster seat, in fact, he appeared to mislead Congress and the U.S government. His version of taking the 5th was simply repeating: "My team will get back to you."
But it's not "his team" that is responsible for Facebook’s evil turn. Rather, the blame rests squarely on his shoulders as director and CEO.
Who Was Affected?
The initial estimate of the number of compromised accounts was an outrageous understatement. Facebook initially announced that only 270,000 users had been affected by Cambridge Analytica's abuse of user information. The company afterwards admitted that data from over 50 million users might have been compromised, due to lax security policies. Later, that was quietly upped to 87 million in a Facebook blog post. But even the 87 million figure was misleading, as it was later revealed in the same blogpost that nearly all of the company's 2.2 billion users’ data had been compromised to some degree.
A ‘Hybrid War’
There are indications that marketing tools created by Facebook were used by Cambridge Analytica in concert with other malicious actors to sway the results of the 2016 U.S. election. Worldwide, Cambridge Analytica has also been linked to controversial votes such as the decision by the UK to leave the European Union.
As a result, Britain has already started to use terms like “hybrid war” to describe this form of attack on democratic processes. It is unquestionable that the tools Facebook created were and are still now being used globally to spread targeted disinformation. The degree of Facebook’s complicity remains somewhat unclear, despite the fact that Cambridge Analytica took large amounts of data by easily exploiting Facebook Apps such as ‘thisisyourdigitallife’.
When the scandal was first discovered in 2015, Cambridge Analytica was told by Facebook that it must delete all the data it had harvested. Taking the company at its word, Facebook didn't follow up on its demand and, to this day, Cambridge Analytica is suspected of maintaining a hold on all the user data – which potentially means Russia and other foreign actors also have all your information.
Terms of Service are Not Terms of Servitude
The absurd defense put forth by Facebook is that we all agreed to be spied on when we agreed to their terms of service. Hidden in those lengthy, impenetrable blocks of legalese, the public supposedly gave technology companies carte blanche to do whatever they wanted with our most personal information.
Even if you didn’t agree to its terms of service, or ever used Facebook or any social media, your data was probably still mined if any of your friends used its services. The fact is, there is no way to avoid a gross privacy violation if you use a cellular or internet service provider, or if you even have a credit card. So unless we all become recluses living off the grid, the issue must be resolved, and fast.
The trend of services and apps routinely harvesting our data is as pervasive as it is alarming. Terms of service are imposed rather than entered into willingly by the customer. Given new public awareness about the issue, momentum may be building to assert new legal levels of privacy. After all, our private lives are exactly that, private, and the details of someone's life belongs to them alone. Finally, argue advocates, our data is our property, and if tech companies won’t respect the fact on an ethical or moral level, then laws must be written to codify those rights.
Even if we agree that tech companies need access to our information in order to provide their services, there is no reason that they must pass this information on to anybody else. There is already a similar situation where an entire industry – healthcare – requires access to your most intimate information to provide their services, but they're not allowed to sell it. Just because healthcare providers know everything about you doesn't give them a right to profit from selling information about your medical history. The same rule can be applied to social media and other technology companies.
The HIPAA Precedent
In fact, it is highly illegal for your healthcare provider to sell your medical information. The Health Insurance Portability and Accountability Act, or HIPAA, is a law that sets strict guidelines on what can be done with your medical data and puts harsh penalties on people who violate its statutes. The penalties can be as high as $50,000 per violation as well as the threat of criminal charges and jailtime for negligence.
The healthcare industry would profit handsomely if it sold your medical information, but those companies are not allowed to do so, simple as that. Now, a law modeled after HIPAA could place similar regulations on how our data can be collected and used in the tech realm. For instance, if your online data were protected to the same degree as your healthcare information, Facebook would face a fine of over $1 trillion, extrapolating from the 2.2 billion users who've had their information scraped.This would almost certainly lead to Facebook declaring bankruptcy. The company likely would have taken a less lackadaisical approach to security if it feared these kinds of repercussions.
The Facebook Face-off
Should a company like Facebook abuse the trust we placed in them, there should be financial consequences – which, at the end of the day, are the only consequences that seem to matter today. The reparations should be so large as to be an existential threat to the corporation. This would ensure that it is no longer in the fiduciary responsibility of the corporate board to pursue unethical behavior for greater profits. The truth is, now that technology services have become such essential tools in our everyday lives, we must have a standardized, mandated set of regulations that limits use of our data.
There is no reason tech companies shouldn’t have restrictions similar to HIPAA placed on them. To become a sustainable industry, tech companies need to find revenue streams that don’t rely on selling access to your data. If a business model violates a fundamental human right – not to mention threatens the integrity of our democracy itself – then it probably isn’t a good business, no matter how convenient or profitable.
Having access to every inflection point in your life allowed technology companies to paint a shockingly accurate portrait of nearly every person in the United States. They then sold that content without caring who paid for it, and the consequences have been catastrophic. We cannot, nor could we ever, rely on corporations to do the right thing. Make no mistake: If we do not assert our right to privacy, it will not be given to us.