It’s just that the vast majority of users either didn’t really know it wasn’t private or didn’t really care. As a Facebook spokesperson reiterated to the New York Times, “No systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”Įssentially, the data that CA took from Facebook - mainly information gleaned from user profiles and interests - wasn’t private to begin with, not really. All of the information collected by the company was information that Facebook had freely allowed mobile developers to access.Īnd technically, anyone who used third-party Facebook apps a lso could have found out that they were allowing those apps to see data from their friends’ profiles. However, reports calling CA’s data harvesting a “leak,” a “hack,” or a serious violation of Facebook policy are all incorrect. This access came with the stipulation that such data couldn’t be marketed or sold - a rule CA promptly violated.įacebook bears a huge amount of culpability for allowing CA to get its data to begin with. Using a personality profiling methodology, the company - formed by high-powered right-wing investors for just this purpose - began offering its profiling system to dozens of political campaigns.ĬA was able to procure this data in the first place thanks to a loophole in Facebook’s API that allowed third-party developers to collect data not only from users of their apps but from all of the people in those users’ friends network on Facebook. The Facebook breach wasn’t a hackīetween 20, Cambridge Analytica harvested profile data from millions of Facebook users, without those users’ permission, and used that data to build a massive targeted marketing database based on each user’s individual likes and interests. As a result, we now have even less room for plausible deniability about a problem we are lately frequently confronting: a failure to anticipate how technology meant to work on an individual level might be repurposed or exploited when scaled up to apply to millions. What is new is that, essentially, major news outlets have taken two stories - what Cambridge Analytica did, and what Facebook knew about what CA did - and pieced them together into a report that spawned immediate concern from the public and a swift response from Facebook. Not even the specific number of 50 million accounts is new: Cambridge Analytica’s chief researcher has been boasting about having a 50 million-person sample size in his data sets since 2014, at least.Īnd we’ve even known, since 2015 or so, that, as Tech Crunch put it, “ it was always kind of shady that Facebook let you volunteer your friends’ status updates, check-ins, location, interests and more to third-party apps.” In fact, we’ve known most of the details concerning CA’s massive data research, and the use of that research in political campaigns, for several years thanks to a 2015 Guardian article, a viral 2016 article in Das Magazin (later published by Vice), and a March 2017 article by the Intercept. Or, more accurately, we might say that “news” “broke.” News broke over the weekend of March 17 that Cambridge Analytica (CA), a data analytics firm that worked with Donald Trump’s election campaign, had extracted Facebook data from 50 million user accounts. The official total, as revealed by Facebook in April, stands at 87 million users. Update: The claim that 50 million Facebook accounts had been affected by the Cambridge Analytica breach has been revised.