Question

5. Discuss the manner in which user data was obtained by Cambridge Analytica. The company continues to argue that there was no data breach and that users provided permission for their data to be harvested. Discuss the company’s position and what was the responsibility of the FTC in enabling this breach to occur?
6. According to the case, what are the governance problems at Facebook? For instance, consider the shareholdings, board memberships and also the fact that Zuckerberg is both Chairman and CEO of the company. How does this compare with other companies and with best practice in industry?

11. The Facebook breach and its consequences demonstrate the very real ethical dilemmas that the Internet pose for the information rights of citizens. Consult pages 125 – 127 of your textbook and discuss what are information rights and two laws that aim to protect those rights where Facebook was guilty of breaching these laws.                

Answer 1

Cambridge analytics gained access to data in the following manner:

Facebook provides software developers a range of development solutions and one of the most common is Facebook Login, which helps users to automatically sign in to a website or device with their Facebook account rather than generating new passwords. Users do it because it is easy — typically single or two taps — and removes people's need to recall a lot of complicated combinations of usernames and passwords.
However, when people use Facebook Username, they send a variety of details from their Facebook profile to the creator of the app-items like their username, position, email, or friends list. This was what occurred in 2014 when a professor at the University of Cambridge named Dr. Kogan developed an app named "thisisyourdigitallife" which used the login function of Facebook. Some 270,000 individuals used Facebook Login to build accounts and thus decided to share personal details with Kogan about their profiles.
However, back in 2014, Facebook has enabled developers to gather some information from users who used Facebook Username on friend networks. That implies that although a specific user might have decided to pass on their details, developers may also be able to access any of their friends' records. It was not a mystery — Facebook claims it was reported in their terms and conditions — but it has now been changed so that it can no longer be achieved, at least not with the same amount of detail.

According to the Times, Kogan was able to access data from about 50 million Facebook users for some 270,000 people who have opted in. The data archive may have contained information about the positions and interests of individuals, and more granular items such as images, status updates, and check-ins.

The Times found that the data from Cambridge Analytica for "about 30 million [people] provided enough detail, like domiciles, that the firm could link users to other documents and create psychographic profiles," much as Facebook wanted to do. All of this processing of data followed the rules and guidelines for the organization.

Once Kogan exchanged the information with Cambridge Analytica, issues were complicated. Facebook claims that this is against the terms of service offered by the company. According to these guidelines, developers are not allowed to "send any data you collect from us (including private, consolidated or generated data) to any advertisement network, data broker, or other advertisement or monetization-related service." As Stamos tweeted Saturday (before deleting the tweet later): "Kogan has not hacked into any program, bypassed any technological controls, our use of vulnerability throughout our platform is not allowed. He did exploit the data after he received it, though, but it doesn't make it a 'breach' retroactively." The issue here is the Facebook offers a lot of trust to developers who use its tech tools. The terms of service of the business are an arrangement in the same manner as any user decides to use Facebook: the rules are a promise that can be used by Facebook to threaten someone, but not before anyone breaks the laws.

In this era of database sharing, Facebook isn't alone. Global smartphone platforms such as iOS and Android require developers to get permission to obtain contact lists from users. Twitter has a Facebook Authentication-like authentication feature and so do Google and LinkedIn.

Facebook still claims that the data hasn't been breached. And the FTC is responsible because:

The draft consent order from FTC for the people responsible for the violation of Cambridge Analytica, which affected 87 million Facebook users, and likely the result of the Brexit referendum. The violation of Cambridge Analytica may have been avoided if Consent Decree had been followed by the Commission. Following the 2011 Consent Order, the FTC learned about Facebook's inappropriate exchange about personal information with third-party developers.

The governance problems are that Facebook puts too much trust in its third-party developers for having access to user data.

If Zuckerburg wouldn't have been holding both the positions, then it might have been different. It might be that the company wouldn't have allowed third-party developers to have access to so much of user data.

Information right is Right to privacy and the two laws that are governing it are:

• Federal Trade Commission Act
• Federal Electronic Communications Privacy Act (ECPA)