Facebook – Cambridge Analytica Privacy Breach Lawsuit

The lawsuit alleges that not only did Facebook allow third parties, such as Cambridge Analytica, access to vast troves of user information, it also did not do enough to prevent these third parties from misusing the information.

The complaint further explains that the “exploitation of Facebook data is not limited to elections or one actor,” and that Facebook engages in “surveillance capitalism,” regularly using its platform to “‘figure out [users’] personal psychological susceptibilities and then charge(s) advertisers to exploit them,'” according to Jennifer Cobb, coordinator of the Trustworthy Technologies research initiative. According to the complaint, “[t]he seemingly unrestricted surveillance and analysis of daily interactions and behaviors on the Facebook platform far exceeds user expectations of how personal data is used.”

The complaint proposes a class of:

All persons whose information or behavioral data was accessed, directly or indirectly, from the Facebook platform by Cambridge Analytica or other entities without the person’s consent or knowledge.

Facebook has a website in their Help section where it states users can check “to see if your information may have been shared with Cambridge Analytica by the app ‘This Is Your Digital Life.'”

If you are affected, the page may also tell you what information was shared.

The New York Times reports that Cambridge Analytica, a British data-analytics company, “improperly acquired the private data” of “roughly 50 million Facebook users, and used it to target voters on behalf of the Trump campaign during the 2016 presidential election.”

According to NYT, Cambridge Analytica acquired this data by partnering with a psychology professor, Aleksandr Kogan, to develop a Facebook application that administered a “personality test.” The application, “Thisisyourdigitallife,” paid Facebook users to answer a series of questions about themselves. To receive these funds, users had to be registered U.S. voters. All told, about 270,000 people installed the application.

By installing the application, these 270,000 Facebook users granted Thisisyourdigitallife permission to access data from their Facebook accounts, per Sandy Parakilas, a former Facebook employee.

If you were among the 270,000 app users, you may not have realized that “[a]t the time … Facebook also allowed [app] developers to access your friends’ data, even though those friends had never agreed to connect to the app,” says Parakilas. As a result, the Thisisyourdigitallife application could access “friends’ status updates, check-ins, location, interests and more,” according to TechCrunch.

Professor Kogan used Thisisyourdigitallife to harvest the private information of roughly 50 million individuals who were Facebook friends with one of the app’s 270,000 users, the NYT says. Cambridge Analytica paid Kogan $1 million for data harvesting, according to The Guardian.

In a statement, Facebook said that this situation is not a “data breach” because “Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time.”

But, Facebook noted, Kogan passed the data to an unauthorized third party, who was not permitted to receive it. Facebook’s “platform policies” at the time prohibited app developers from sharing data with third parties, such as Cambridge Analytica.

Although Cambridge Analytica received 50 million people’s raw Facebook data, only 30 million had shared enough information with Facebook to serve Cambridge Analytica’s purposes, says the NYT.

Cambridge Analytica used the information on these 30 million people to construct psychological profiles on these individuals, according to the New York Times. By analyzing what people “Liked” on Facebook, The Guardian reports, Cambridge Analytica could deduce “information about sexual orientation, race, gender, even intelligence and childhood trauma.”

Cambridge Analytica used these psychological profiles to determine who was likely to be swayed and by what type of messaging would sway them, according to an interview by The Guardian.

In 2016, Cambridge Analytica used its psychological profiles to perform a “variety of services” for the Trump campaign, including “designing target audiences for digital ads and fundraising appeals, modeling voter turnout, buying $5 million in television ads and determining where Mr. Trump should travel to best drum up support,” according to the NYT.

In private, Cambridge Analytica has bragged that its services were behind Trump winning the election, according to the UK’s Channel 4 News.

When Facebook discovered in 2015 that Aleksandr Kogan and Cambridge Analytica had scraped profiles of millions of Americans, Facebook did nothing more than ask Kogan and Cambridge Analytica to check a box saying they had deleted the data, as Facebook itself admits in a March 16, 2018 statement. Cambridge Analytica checked the box, certifying that it had deleted the data, and under inquiry from the UK parliament, Cambridge Analytica’s CEO said that the company had never relied on its trove of Facebook profiles.

But Christopher Wylie, former Cambridge Analytica employee, says that the company checked the box, but never deleted the data. The NYT confirmed based on “[i]nterviews with a half-dozen former employees and contractors, and a review of the [Cambridge Analytica’s] emails and documents,” that Cambridge Analytica “still possesses most or all of the trove” of Facebook data.

A former Facebook privacy officer, writing in the Washington Post, said that Facebook never did more than ask companies to delete data when it discovered a privacy violation. This privacy officer stated, “[D]ata protection issues happened regularly during my tenure” at Facebook, and while Facebook contacted “many developers and demanded compliance,” it never conducted “a single audit of a developer where [Facebook] inspected the developer’s data storage” to confirm the data was deleted.

According to TechCrunch, “It was always kind of shady that Facebook let you volunteer your friends’ status updates, check-ins, location, interests and more to third-party apps,” without your friends being notified. TNW explains:

“When signing on to a new app, Facebook users are often confronted with a disconcerting choice — let Facebook access information about hundreds of your closest friends without their knowledge or permission — or perhaps just give up that particular product or service.”

Amid “privacy concerns, Facebook “shut down the Friends data API” in 2015, says TechCrunch. Facebook’s APIs, which stand for “application programming interface,” control how application developers can interact with the Facebook platform. The Friends data API was a feature that gave application developers access to data belonging to users’ friends.

Aleksandr Kogan obtained his data trove on 50 million Americans before Facebook removed the Friends data API feature, according to NYT.