Do you remember Cambridge Analytica?
The exploitation of the data of more than 87 million Facebook users, the election campaigns based on "microtargeting", whistleblowers, Mark Zuckerberg's testimony to the US Congress, the possible invalidation of Donald Trump's election in 2016 and the result of the Brexit Referendum...
It seems a long time ago, but can we say that we have left behind the problems behind the scandal that in 2018 arose around the British political and electoral consulting society? Not exactly, because the core of Cambridge Analytica's activities was based on a subject that is still debated today in its not being sufficiently legislated, namely that of Big Data.
Big Data that we all produce in abnormal quantities every day are collected (according to specific conditions and regulations of use), analyzed, processed and exploited in all the online activities with which we interface. Barack Obama was the first to make systematic use of them in the context of a political election, and since then their potential use has grown out of all proportion and has increasingly interested the dynamics and logic behind the election campaigns of political candidates around the world. In this sense investigating the link between politics and Big Data has been and is a source of debate, in a context where instrumental use of massive amounts of information can have significant consequences within our democracy, such as the manipulation of voters' thinking, as the case of Cambridge Analytica has shown.
In the face of growing public concern about the consequences that over-exploitation of digital users' personal data can have, it seems necessary that regulatory action be taken both by technology companies and by national and international legislative bodies.
So let's ask ourselves, have governments and Big Techs put forward a concrete solution to this demand for transparency? And if so, how confident can we be that in the United States in 2020 these risks related to Big Data have been fully mitigated?
The turning point of Facebook's "data policy"... more or less
In developing a system of "behavioral microtargeting", the foundation of Cambridge Analytica's work for years was based on aggregated data bought from specific "brokers". This is the case of Aleksandr Kogan. A researcher at the University of Cambridge, Kogan contributed to the success of the British Society by selling a huge amount of Big Data collected on Facebook thanks to the "thisisyouridigitallife" App, which works quite simply. Based on their online digital activity, users registered to the App would receive a detailed psychological profile of their person, while consenting to the release of the information contained in their profile.
It was the sharing of such information with third party companies, and not the practice of data collection itself, that constituted a violation of Facebook's rules and regulations, in fact at the time completely lawful and in line with the conditions of use of the platform. This provision, which allowed a disproportionate collection of information without any criteria of transparency towards users, together with a superficial control that the rule of non-shared data had been respected, represented the nerve center of the scandal and the subsequent process.
Mark Zuckenberg was called to the US Congress for a parliamentary hearing on the matter. On that occasion, the CEO admitted the mistake and promised the American citizens more control and security. Also through the use of specific artificial intelligence tools, Zuckenberg announced that more in-depth investigations would be carried out on the thousands of Apps of the platform for the detection of suspicious activities, which would be banned and directly warned of all users whose privacy may have been violated. According to Zuckenberg, particular attention would be paid to the use of users' personal data in the vicinity of campaigns and political elections.
So how is Facebook's data policy structured today?
Clearly the Cambridge Analytica case has shown the full extent of the shortcomings of such management and has weakened Facebook's credibility, also showing that the regulations of a private company are probably not enough to control an issue as big as the management of the privacy of millions of citizens, which leads us to another question: since 2016, how has the US legislation on Big Data changed?
The first movements within the American Congress: what has been done to change the Big Data Act in the USA?
The right to privacy is not a right directly expressed in the American Constitution. Despite this, the Supreme Court and several legislative acts in force to justify measures in the field of privacy, have often referred to the Ninth Amendment, which protects the individual rights of the citizen as not fully explained in the Constitution.
Certainly important legislative foundations in the area of privacy are the Federal Trade Commission Act of 1914, the Health Insurance Portability and Accountability Act of 1996, the Fair Credit Reporting Act of 1970, the Family Educational Rights Act and the United States Privacy Act of 1974. But the bottom line is that there is still no targeted legislation at the federal level that sets data privacy standards.
However, some steps have been taken in several federal states, which in the complex U.S. legislative system, while it may create a fragmentation of the law, it may also pave the way for similar legislation in this area, especially given the size and commercial economic role of the state in question.
What happened in the US Congress after the Cambridge Analytics scandal?
It must be admitted that the U.S. Congress and the classrooms of the Federal Trade Commission, the U.S. agency established to protect consumer rights, in recent years have increasingly hosted discussions on issues of Big Data Legislation. Particular attention has been paid to the Data Security and Breach Legislation, originally proposed in 2014 by Democrats, which is still under discussion at the federal level to require companies and administrations to notify consumers or citizens if their personal information is violated. All this within a regulated standard IT security system that would ensure continuous control over how users' personal data is handled.
In general, therefore, yes, some work has been done and the federal legislative process takes time, but there is still a long way to go to a federal legislation that harmonizes the different approaches of the federal states to the issue and that legislates in an organic way an issue that is becoming increasingly relevant to the society in which we live.
In this respect, the United States would do well to keep an open eye towards the European Union. Drawing from a very peculiar history in the field of privacy and control of citizens, Europe has in fact advanced in 2018 a structured and consistent legislation on Big Data. The entry into force of the GDPR (General Data Protection Regulation) has seen the European Union tighten the rules on privacy for both public administrations and private companies, thus raising international standards for the protection of personal data.
And at this round? How much is the use of Big Data affecting the US 2020 presidential race?
Recently Christopher Wylie, the famous computer expert and whistleblower at Cambridge Analytica, has warned several times that the Big Data models used by CA (and therefore the foundations of the illegal activities carried out) still exist today. Wylie thus confirmed that, although there has certainly been intense public debate, there is still a long way to go in the United States to achieve a sufficient level of protection of citizens' personal data.
Equally concerned was Brittany Kaiser, former Director of Business Development at Cambridge Analytica, who has become a whistleblower, a political activist on Big Data and Co-Founder of the Own Your Data Foundation. Kaiser describes an even worse scenario than 2016 where markets for "brokering" user data to external companies not only did not stop, but multiplied.
So the question we need to ask ourselves is: how much are the dynamics that potentially favored Donald Trump's election in 2016 affecting the 2020 presidential race?
Despite whistleblowers' statements, assistants to the President in 2016 and 2020 denied and still deny using Facebook data held by Cambridge Analytica for their election campaigns. However, the fact that Donald Trump chose Matt Oczovsky, former product manager at Cambridge Analytica, to oversee the data program for the current election campaign certainly did not give good signals, and indeed alarmed the President's opponents and critics.
To sum up.
The vote on November 3 is an important test to quantify the legislative and - within certain limits - moral changes that have occurred after the scandal that exploded in 2018. Certainly linked to the big data issue are the famous "fake news" and the great debate about whether and how private digital platforms such as Facebook or Twitter should handle such online misinformation and how online advertising for political campaigns can get to manipulate voters and polarize public opinion. Unfortunately, we cannot go into this.
There are many open scenarios, specific regulations are still missing both at the level of technology companies and at the level of national law, making it very likely that cases such as Cambridge Analytica are still heard about.
So, what can I do?
It is normal to feel powerless in the face of such large and radical phenomena, and it can be instinctive a feeling of regurgitation towards digital and technology. But this does not eradicate the problem; it just risks neglecting the many opportunities and advantages that the Web and Social Media offer for problems that we are not defenseless.
There is civic and political activism, but even before that there is the action of the individual in understanding the dynamics of an increasingly digitalized society in order to manage it with consciousness.
Cultivating one's own "digital literacy", informing oneself about one's rights on the Web and how one's data is managed is already an extremely important first step to become aware online users, and therefore more aware citizens. This is where it begins.
Translated by Noemi Monaco
The sources used for this article are freely available:
- Targeted: Trump, and Facebook Broke Democracy and How It Can Happen Again, Brittany Kaiser, 10/2019;
- It’s 2020. And the Cambridge Analytica story? It’s growing… | Make Me Smart #145 | Brittany Kaiser, Market Place, 15/01/20, https://www.youtube.com/watch?v=-tq4ctZ8tIc ;
- Big Data, Privacy, And The Law: How Legal Regulations May Affect Pr Research, Institute for Public Relations, 11/06/18, https://instituteforpr.org/big-data-privacy-and-the-law-how-legal-regulations-may-affect-pr-research/;
- Data Protection Act 2018, UK Legislation, https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf;
- Big Data: a tool for inclusion or exclusion, FTC Report, 01/2016, https://www.ftc.gov/system/files/documents/reports/big-data-tool-inclusion-or-exclusion-understanding-issues/160106big-data-rpt.pdf;
- Privacy, Big Data, And The Argument For U.S. Federal Privacy Legislation, Above the Law, 05/08/19, https://abovethelaw.com/2019/08/privacy-big-data-and-the-argument-for-u-s-federal-privacy-legislation/?rf=1;
- California is bringing law and order to big data. It could change the internet in the U.S., NBC News, 13/05/19, https://www.nbcnews.com/tech/tech-news/california-bringing-law-order-big-data-it-could-change-internet-n1005061;
- Big Data Analytics and Predicting Election Results, Data Science Foundation, 01/04/19, https://datascience.foundation/sciencewhitepaper/big-data-analytics-and-predicting-election-results;
- Due anni dopo lo scandalo di Cambridge Analytica, torna Wylie: «La disinformazione non si è fermata: elezioni Usa a rischio», Open Online, 20/09/20, https://www.open.online/2020/09/20/cambridge-analytica-christopher-wylie-libro-intervista/;
- Usa 2020, così i colossi del web si preparano alle elezioni di novembre, Open Online, 13/09/20, https://www.open.online/2020/09/13/usa-2020-cosi-i-colossi-del-web-si-preparano-alle-elezioni-di-novembre/ ;
- Elezioni Usa 2020, Facebook: «Un altro caso Cambridge Analytica è impossibile», Corriere della Sera, 30/09/2020, https://www.corriere.it/tecnologia/20_settembre_30/elezioni-usa-202o-facebook-un-altro-scandalo-cambrige-analytica-impossibile-248868ae-02f7-11eb-a582-994e7abe3a15.shtml;
- Presidenziali 2020, Trump assume un ex boss di Cambridge Analytica, ItaliaOggi, 19/02/20, https://www.italiaoggi.it/news/presidenziali-2020-trump-assume-un-ex-boss-di-cambridge-analytica-202002191702314912 ;
- Senate Democrats Introduce Data Security and Breach Notification Act of 2014, Inside Privacy, 18/02/14, https://www.insideprivacy.com/uncategorized/senate-democrats-introduce-data-security-and-breach-notification-act-of-2014/;
- 2020 Security Breach Legislation, NCSL, 17/07/20, https://www.ncsl.org/research/telecommunications-and-information-technology/2020-security-breach-legislation637299951.aspx;
- Mark Zuckerberg Testimony: Senators Question Facebook’s Commitment to Privacy, The New York Times, 18/04/20, https://www.nytimes.com/2018/04/10/us/politics/mark-zuckerberg-testimony.html;
- S. Rept. 111-290 - DATA BREACH NOTIFICATION ACT, Congress Gov, https://www.congress.gov/congressional-report/111th-congress/senate-report/290/1?s=1&r=42.
- Link immagine: https://www.freepik.com/free-vector/abstract-low-poly-connection-lines-digital-technology-background_8562956.htm#page=1&query=big%20data&position=20