Part I: What Happened?
Privacy in the digital age is a very tricky issue. What one person might see as an outrage-provoking invasion of it could just as easily be seen by others as a valuable service.
A personal example to illustrate:
As a frequent flyer, I always made it a habit to inform my credit card issuer, Citibank, when I was going to be on the road. I began doing this following an embarrassing incident when my card was declined at a restaurant because, as I found out later, using it in one city when I lived in another raised an algorithmic red flag somewhere. (Why it happened that one time and none of the other 400 times I’d used the card in another city was never explained to me — security-related matters rarely are — but I’m sure some programmer somewhere had a very good reason.)
About two years ago I got a very surprising and somewhat disconcerting email from Citi prior to a trip. It cheerfully informed me that that there was no need to alert them to my upcoming travel plans because, by golly, they already knew I was going to be in Switzerland for a week in February. Seems that I’d paid for the plane tickets using my Citi credit card, so the bank logically assumed I’d be overseas during that period and did me the service of noting that in their records.
Kind of neat, except… who gave American Airlines permission to tell Citi my exact travel plans, including city and dates and, for all I know, the airports and flight numbers? They don’t need any of that information to process the payment.
I felt outrage begin to launch. Neither of those two companies ever asked me for permission. Had I perhaps given it implicitly? I remembered that my Citi card is tied in with my American Airlines frequent flyer account. I not only get mileage credit for the miles flown, but for the money I spend on the tickets. Still, what was the need for the airline to pass itinerary information to the bank?
Obviously, it was for a service that I’d never asked for. As I began hunting around for ways of venting my ire, I stopped when something occurred to me: Say, this is a pretty neat service. How many times had I forgotten to notify the bank that I’d be traveling? Maybe I should just pipe down and take advantage of it.
Problem is, I don’t know what else Citi is doing with those data. Are they selling it to merchants who might pummel me with targeted advertising (“Great places to bowl in St. Moritz!”)? And what other information are they gathering and peddling? If I buy a book on Amazon.com about the history of the Glock 9, do they sell that information to the NRA so they can try to get me to become a member?
Despicable, right? Unless I was planning to do some bowling in St. Moritz or think maybe joining the NRA could be cool. Then it’s a valuable service. I’m not at all comfortable about a bank rooting through details that are not relevant to the processing of a payment but — God help me if this comes back to bite me — after thirty years of good relations with American and Citi, I trust them both so I decided to let it go.
What do you think? Are these companies evil or customer-oriented? Do you think I’m an idiot for letting them get away with it? You’d never be that dumb, right?
Well, guess what. If you use Gmail, Google is poring through your emails for clues about what they and their marketing affiliates can sell you. If you’ve ever taken a cute online quiz like “Answer these ten questions to learn if your sex life is normal” or “A quick quiz to assess your borrowing power,” you just told some company more about your sexuality and your finances than you’d tell your own twin.
And if you use Facebook, you’ve already handed that company a mountain of detailed information about yourself that is very likely to wind up in the hands of people who will use it in ways you may not care for.
Information may be power, but information about you is money. A lot of it. And it’s being sold around the globe in ways that nobody can stop because you handed it over willingly, even if unknowingly.
What Happened at Facebook?
Full disclosure: I don’t use Facebook and never have. When the service began taking off, I remember asking myself a simple question: Why would a company spend hundreds of millions of dollars providing a service that was absolutely free? Where was the money in that?
One source was obvious: They would advertise to their users.
One source was less obvious: Their users, by posting personal information online, were handing Facebook an enormous amount of data that they wouldn’t ever provide if they were asked for it outright. Because everybody thought, “I’m just putting it out there for my friends to see.”
Nobody thought, “I’m giving Facebook everything there is to know about me and I have no notion whatsoever what they’re going to do with it and maybe I ought to stop for a minute and give that some thought.”
Here, in non-technical terms, is what was revealed a couple of weeks about the Facebook-Cambridge Analytica connection.
Cambridge Analytica (CA), founded by former Trump advisor Steve Bannon, is actually a shell for something called the SCL Group, a public relations and messaging firm that claims deep expertise in “psychological warfare” which it exploits to manipulate targeted individuals into buying into its clients’ messages. Needless to say, the more CA knows about the targets, the more persuasively it can tailor its messages.
A few years ago an academic researcher named Michal Kosinski had a theory that a lot could be learned about a person from his or her Facebook profile. He created a fun little online personality quiz (sound familiar?) that required a Facebook login. Once a user was logged in, Kosinski was able to access his entire Facebook profile, including a history of “likes.” He found that, with a very high degree of accuracy, he could tell from an average of 68 “likes” your skin color, sexual orientation, and whether you were a Democrat or Republican.
This is where Cambridge University psychology lecturer (and associate professor at St. Petersburg State University in Russia) Aleksandr Kogan comes in. He tried to buy Kosinski’s data, but the researcher wouldn’t sell. So Kogan wrote a fun little personality quiz (sound familiar?) on Facebook that looked harmless but in fact harvested a lot of information about quiz-takers based on how they responded to cleverly worded questions, along with their Facebook profiles.
It gets worse. Because of a loophole in Facebook’s software called “Friends Permissions,” which the company has known about for at least two years, Kogan’s little app also grabbed data about the quiz-taker’s Facebook friends, without any of them having the slightest idea it was happening. So while Kogan got somewhere upwards of 270,000 people to take his quiz, because of the loophole he got invaluable information on 87 million people, 72 million of them Americans and potential voters.
None of this violated Facebook policy. Selling the data to CA did. In 2015, CA’s CEO Alexander Nix, in response to a demand from Facebook, promised Zuckerberg that they’d deleted all of it. They hadn’t. Instead, Nix convinced the Trump campaign team that they could use all of that information to help swing the election, using a proprietary technique called “psychographics” in which they worked up psychological profiles of Facebook users to tailor political messages. (This is the same Alexander Nix who was caught on video bragging about how CA could use dirty tricks like staged bribery attempts and sending prostitutes to lure political opponents into compromising situations.)
Whether all of this had any influence on the 2016 presidential election (or the Brexit campaign in the UK, where CA also used psychographics based on Facebook data) has been the subject of much debate, and it’s not my intent to get into it here. Rather, I look at it as an object lesson on the dangers of blithely tossing sensitive personal information into the World Wide Hopper where anyone with a connection and half a brain can access it.
In Part II of this article, I’ll discuss the deeply troubling implications bubbling below the surface of his newly-revealed volcanic lake.
Lee Gruenfeld is a managing partner of Cholawsky and Gruenfeld Advisory, as well as a principal with the TechPar Group in New York, a boutique consulting firm consisting exclusively of former C-level executives and "Big Four" partners. He was vice president of strategic initiatives for Support.com, senior vice president and general manager of a SaaS division he created for a technology company in Las Vegas, national head of professional services for computing pioneer Tymshare, and a partner in the management consulting practice of Deloitte in New York and Los Angeles. Lee is also the award-winning author of fourteen critically-acclaimed, best-selling works of fiction and non-fiction. For more of his reports — Click Here Now.
© 2021 Newsmax. All rights reserved.