April 2, 2018

USA: Obama Campaign Used The Very Same Data-Mining Feature On Facebook That Cambridge Analytica Did. Facebook Didn't Stop Obama Campaign Once They Realized What They Were Doing.

The Washington Post
written by Elizabeth Dwoskin and Tony Romm
Monday March 19, 2018

SAN FRANCISCO — Facebook last week suspended the Trump campaign’s data consultant, Cambridge Analytica, for scraping the data of potentially millions of users without their consent. But thousands of other developers, including the makers of games such as FarmVille and the dating app Tinder, as well as political consultants from President Barack Obama’s 2012 presidential campaign, also siphoned huge amounts of data about users and their friends, developing deep understandings of people’s relationships and preferences.

Cambridge Analytica — unlike other firms that access Facebook’s user data — broke Facebook’s rules by obtaining the data under the pretense of academic use. But experts familiar with Facebook’s systems and policies say that the greater problem was that the rules for accessing the social network’s information trove were so loose in the first place.

Facebook chief executive Mark Zuckerberg in 2007 invited outside developers to build their businesses off Facebook’s data, giving them ready access to the friend lists, “likes” and affinities that connect millions of Facebook users. Practically any engineer who could persuade a Facebook user to download an app or to sign into a website using Facebook’s popular “log-in through Facebook” feature would have been able to access not only the profile, behavior and location of that Facebook user but also that of all the user’s Facebook friends, developers said.

Such information can be extremely valuable to marketers and political campaigns for tailoring messages, ads and fundraising pitches. As long as the developers didn’t misrepresent themselves, Facebook allowed the data to be stored on developers’ databases in perpetuity.

Facebook changed its policy in 2015 after concerns about misuse of data by third parties and a shift in strategy tied to its relationships with developers.

The question of what Facebook permitted — and how everyday users understood those permissions — is under a new spotlight in the wake of the Cambridge revelations. In that case, the 270,000 people who downloaded an app authorized an academic working with Cambridge Analytica to collect their data. But Cambridge Analytica was able to vacuum up data from millions more people, analysts estimate, without their permission through the friends lists of the initial group.

On Monday, Facebook said it will audit Cambridge Analytica to determine whether the company had deleted the data it took inappropriately.

Cambridge Analytica did not respond to requests for comment Monday. Over the weekend, the firm said it “fully complies with Facebook’s terms of service.”

Congressional calls for Facebook officials to testify on Capitol Hill grew louder and more bipartisan Monday as lawmakers demanded that the tech giant explain how Cambridge Analytica obtained its data. The increasingly sharp and personal tenor of the requests, many of which sought an appearance by Zuckerberg, raised the odds of a fresh round of potentially contentious hearings — after Facebook defended itself in fall hearings about Russian ma­nipu­la­tion of its site connected to the 2016 election.

“While Facebook has pledged to enforce its policies to protect people’s information, questions remain as to whether those policies are sufficient and whether Congress should take action to protect people’s private information,” Sens. Amy Klobuchar (D-Minn.) and John Neely Kennedy (R-La.) wrote in a joint letter to Sen. Charles E. Grassley (R-Iowa), chairman of the Senate Judiciary Committee.

A spokesman for Grassley said the senator had not decided whether to hold a hearing.

Facebook’s shares closed down 6.8 percent on Monday, at their lowest price in several weeks.

Cambridge Analytica obtained the data through a psychological testing app, called Thisis­yourdigitallife, that offered personality predictions and billed itself on Facebook as “a research app used by psychologists.” Facebook said 270,000 people downloaded the app. That allowed the collection of data on 50 million “friends,” the New York Times and the Observer of London have reported.

“Facebook made it easy for app developers to collect users’ friends’ data,” said Nick Soman, an entrepreneur who collected the locations of Facebook users’ friends to enhance his social app LikeBright, which no longer exists.

Facebook did not conduct an audit of Cambridge Analytica in 2015 when the violations were first discovered, according to Facebook. Instead, it asked Cambridge, the psychologists and an affiliate company to promise it would delete the ill-gotten information.

“The model was to build and grow and figure out monetization,” said Sandy Parakilas, a former Facebook operations manager who oversaw developers’ privacy practices until 2012. “Protecting users did not fit into that.” Parakilas, as well as a contractor who worked on these issues at Facebook until 2016, said that Facebook did not conduct a single audit of developers during their tenures.

The Federal Trade Commission and European regulators had reviewed and were familiar with the company’s data policies at the time, Facebook said Monday. The company says that any user who downloaded an app or used the sign-on feature had to agree to a permissions screen that said, “This app will receive the following info: your public profile, friend list, birthday, groups, current city, photos, and personal description and your friends’s birthdays, photos, and likes.”

But two former FTC officials said that Facebook’s allowing the psychologist to take so much data about a person’s friends could constitute a violation of a 2011 consent decree with the agency.

Under that agreement, Facebook is required to notify and get explicit permissions from users before data about them is shared beyond the privacy settings that they have established. The fines for breaking the consent decree are $40,000 per violation, which could add up to billions of dollars if the estimated 50 million users whose data was taken by Cambridge were taken into account. The FTC declined to comment.

Facebook has denied violating the consent decree. “We reject any suggestion of violation of the consent decree,” Facebook said in a statement to The Washington Post late Saturday. “We respected the privacy settings that people had in place. Privacy and data protections are fundamental to every decision we make.”

David Vladeck, a former director of the FTC’s Bureau of Consumer Protection, said that because the practice of collecting friend data went well beyond Cambridge, “that in itself may be a serious problem, especially given the language of the consent decrees, which differentiates between users and others.”

Sen. Richard Blumenthal (D-Conn.) urged the FTC on Monday to investigate Facebook. “FTC should immediately investigate and sanction apparent breach by Facebook of its 2011 agreement guaranteeing protection of consumer info — now a hollow promise,” Blumenthal wrote on Twitter.

Facebook once appeared to acknowledge that some data collection by developers ran counter to the expectations of Facebook users. In a 2014 news release announcing new restrictions to its developer policies, a Facebook executive wrote, “We’ve heard from people that they are often surprised when a friend shares their information with an app.” That admission may indicate that people had not been given adequate understanding of how their data and their friends’ data were used by third parties.

Facebook “goes into this endless hairsplitting that people should have known,” said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, a nonprofit advocacy group that has brought privacy cases before the FTC. “No one could have known that their friends were disclosing their personal data on their behalf. It’s entirely illogical, and it breaks the consent law.”

Facebook has the ability to ban, sue, warn or audit developers of apps who break their policies. The social network has occasionally cracked down: In 2014, Facebook blocked two advertising partners, HasOffers and Kontagent, for violating policies on retaining customer data and failing to notify partner companies about their data collection practices.

In 2011, Carol Davidsen, director of data integration and media analytics for Obama for America, built a database of every American voter using the same Facebook developer tool used by Cambridge, known as the social graph API. Any time people used Facebook’s log-in button to sign on to the campaign’s website, the Obama data scientists were able to access their profile as well as their friends’ information. That allowed them to chart the closeness of people’s relationships and make estimates about which people would be most likely to influence other people in their network to vote.

“We ingested the entire U.S. social graph,” Davidsen said in an interview. “We would ask permission to basically scrape your profile, and also scrape your friends, basically anything that was available to scrape. We scraped it all.”

FarmVille’s developer, Zynga, and Tinder did not immediately respond to requests for comment.
The Daily Signal
written by Hans von Spakovsky
Wednesday March 28, 2018

Controversy continues to swirl around how the consulting firm Cambridge Analytica obtained personal data from over 50 million Facebook users without their knowledge and used it to target ads to individuals in an effort to help Donald Trump be elected president in 2016.

But a more serious case of apparent misconduct involves Facebook data going to a different presidential campaign—this time in 2012. In this case, which is getting far less attention, Facebook reportedly voluntarily provided data on millions of its users to the re-election campaign of President Barack Obama.

If true, such action by Facebook may constitute a major violation of federal campaign finance law as an illegal corporate campaign contribution. The matter should be investigated by the Federal Election Commission—an agency I am quite familiar with, because I served as one of its commissioners from 2006 to 2007. The commission enforces campaign finance laws for congressional and presidential elections.

A federal law bans corporations from making “direct or indirect” contributions to federal candidates. That ban extends beyond cash contributions to “any services, or anything of value.” In other words, corporations cannot provide federal candidates with free services of any kind.

Under the Federal Election Commission’s regulations, “anything of value” includes any “in-kind contribution.” For example, if a corporation decided to offer a presidential candidate free office space, that would violate federal law.

Corporations can certainly offer their services, including office space, to federal campaigns. But the campaigns are required to pay the fair market value for such services or rental properties.

According to Carol Davidsen, the former media director for Obama for America, Facebook gave the 2012 Obama campaign direct access to the personal data of Facebook users in violation of its internal rules, making a special exception for the campaign.

The Daily Mail, a British newspaper, reported that Davidsen said on Twitter March 18 that Facebook employees came to the campaign office and “were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side.”
The type of data that the Obama campaign was mining from Facebook is a more sophisticated version of the type of data that has long been provided by professional direct mail marketers—something pioneered by Richard Viguerie.

Viguerie, for example, has detailed personal data on “12 million conservative donors and activists” to whom his company sends letters and emails on behalf of his clients. He provides information to campaigns looking for votes and money, and to nonprofit and advocacy organizations raising funds.

Political campaigns must pay for these services. Under a Federal Election Commission regulation, giving a mailing list or something similar to a campaign is considered an “in-kind contribution.”

So if Facebook gave the Obama campaign free access to this type of data when it normally does not do so for other entities—or usually charges for such access—then Facebook would appear to have violated the federal ban on in-kind contributions by a corporation. And the Obama campaign may have violated the law by accepting such a corporate contribution.

What about the story currently in the news about Cambridge Analytica using Facebook data for the Trump campaign?

The important legal distinction may be in the way the data were obtained. Fox News reported that the Trump campaign hired Cambridge Analytica to do political research on voters and reportedly to “help the campaign target specific voters with ads and stories.”

The real controversy now involving the Trump campaign deals with exactly how Cambridge Analytica obtained the data it used for the campaign. A CNBC report says that Cambridge Analytica bought the data from Aleksandr Kogan and his company, Global Science Research, which obtained the data through an app and a psychological test taken by Facebook users.

The amounts paid by the Trump campaign to Cambridge Analytica for its services—and the use of the Facebook data—are listed in its spending reports filed with the Federal Election Commission.

This proves that the Trump campaign paid for services in the same way that campaigns routinely hire and pay direct mail marketers. So the Trump campaign did not get an illegal corporate contribution from Cambridge Analytica or Facebook when it received free access to very valuable data.

Whether or not Global Science Research and Cambridge Analytica violated any Facebook rules regarding this data is not the responsibility of the Trump campaign. From the standpoint of federal campaign finance law, the Trump campaign met its obligation to pay for and report this spending and did not violate the ban on corporate contributions.

However, whether or not the Obama campaign and Facebook violated this ban is an open question. It should be investigated by the Federal Election Commission and potentially the Department of Justice. The commission handles most routine violations of the law, which are civil matters. The Justice Department is responsible for investigating knowing and intentional violations of the law, which are criminal matters.

Although the statute of limitations may have already run out on this conduct by the Obama campaign, one thing seems certain: Davidsen’s admissions should provide a sufficient basis for opening a federal investigation of what may have been a serious violation of the law by the Obama campaign.

No comments: