How a lax policy for third-party apps
Finally unleashed the wrath of the crowd

By TATIANA PROPHET

Remember Farmville? Mafia Wars? Flixster? How about the one that tells you what percent a$$hole you are? You probably remember consenting to sharing personal information in exchange for playing a game or getting a laugh – or being told you are the Mother of Dragons, perhaps? And you probably remember laughing at your uncle or neighbor who said “No, thanks. I don’t like putting my info out there. That's how they get you."

That sentiment is probably best expressed by the fictional character of Doug on Saturday Night Live's "Black Jeopardy," who responds to the answer "the iPhone wants your thumb print for protection" with: "What is 'I don't think so, that's how they get you.' "

The technology in question is not iPhone security, but Doug's fears are starting to sound a lot more like reality, with the bombshell St. Patrick’s Day revelations by The New York Times that a voter profiling firm had acquired personal data in 2014 that was collected with a “harmless” third-party app on Facebook.

What gave the story rocket fuel was the connection with Trump and, even worse, his erstwhile ally Steve Bannon. Another shocker: the company (according to anonymous sources) still had personal data on millions of people. Christopher Wylie, the former employee quoted in the story, left the firm in 2014. Ironically, CBS News has reported that the Trump campaign actually stopped using data from Cambridge Analytica once the nomination was secured, in favor of using the G.O.P.’s highly sophisticated database thanks to pioneering microtargeting efforts by Karl Rove (imitated later by Democrats with their VoteBuilder database).

The revelations about the intersection of Facebook and a firm tied closely to the Trump campaign is dominating the national consciousness right now, as we collectively come to grips with the idea that we are entering an age when the defense of our private information is nearly becoming a full-time job.

IT’S IN THE APPS

The thing most of us didn’t realize is that digital apps we use through the Facebook user interface have their own set of rules. So if we have locked up our privacy settings on Facebook, we still have a bunch of app settings that we also need to lock down.

In the case of Cambridge Analytica, the firm allegedly bought data from a professor at Cambridge University, Aleksandr Kogan, who had developed a personality quiz called thisisyourdigitallife. As part of a quiz, 270,000 participants linked the third-party app with their personal Facebook accounts, and Kogan was able to access their personal data and that of their friends.

In spite of your wacky uncle and neighbor (perhaps best portrayed by Tom Hanks on Saturday Night Live’s Black Jeopardy skit), most people are positively shocked at these revelations. But now we’re learning that it’s not the first time a political campaign used data mined from third-party apps to craft strategy. The first time that happened was when campaign managers used Facebook data to help re-elect President Barack Obama in 2012.

The difference was, people opted in to the Barack Obama app because they supported the candidate. The shady part was that the campaign then used their friend lists to learn valuable information about millions more voters (as many as 190 million according to some estimates).

According to Carol Davidsen who worked with the campaign, Facebook was aware of the massive friend list sweep, but it was OK because it was "our side."

Davidsen appears to be no fan of Facebook, retweeting instructions on how to delete your account.

All of this data analysis was part of a trend called microtargeting, actually begun in 2000 by G.O.P. mastermind Karl Rove, and imitated later by Democrats, in which the party builds databases of voters and analyzes their behavior to better use campaign resources for optimum success.

POSTING ON YOUR BEHALF

Most of us have a vague notion of some fine print we need to access, some boxes we need to uncheck. But it’s likely we didn’t realize the extent of just how many boxes of personal information are automatically checked, every time we consent to sharing our profile with an outside app. This can happen both when we are on Facebook, or when we are on an app like Wattpad, Yelp or Words with Friends. If we are on the app, and we want to post to Facebook from the app, we follow a “simple” procedure to effectively consent to the following (and more) being shared on the app’s public site:

Birthdate, friend list, political persuasion, work history, photos and even videos.

Even if in Facebook’s one-on-one privacy settings, you only share info with your friends, you still need to look at your “app” settings to make sure the app is not sharing the same info publicly. (See Protect Your Info).

DATA NEVER DELETED

So what does your personal information have to do with politics? It allows campaigns to figure out what states to travel to and what messages to emphasize.

The New York Times was not the first to reveal the use of data by Cambridge Analytica via middleman Kogan and his Global Research Service. It was actually the Guardian, in December 2015, and the campaign using the data was that of Ted Cruz.

After the Guardian story, the Times reports, Facebook contacted Cambridge Analytica and ordered the firm to destroy the data. But according to the St Patrick’s Day article, copies of the data have been seen at the company more recently.

Reporters Matthew Rosenberg, Nicholas Confessore and Carole Cadwalladr wrote:
“But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.”

SELLING YOUR DATA

Privacy advocates have long suggested that when you consent to reveal your data, the holder of that data can turn around and sell it. The whole “net neutrality” issue last year centered around how the government regulates this feature. When the FCC reversed the Obama rules, they sent broadband providers like AT&T and Spectrum back to the FTC to be regulated. The FTC enforces privacy rules largely by suing and imposing penalties.

Ironically, Google and Facebook were never included in the Obama overhaul, and were still being regulated by the Federal Trade Commission. The FCC commissioner Ajit Pai, seen by many as the enemy of fairness, argued that the Obama regulations had been unfair to broadband carriers because they left Google and Facebook to be regulated the old way, creating an uneven playing field. Now we see that the biggest third-party privacy scandal to date involves a firm that was untouched by the net neutrality rules: Facebook. See Back to Facts' Battle of the Broadbands Privacy is dead: Long live privacy.

So it turns out, while everyone was freaking out about the broadband companies killing net neutrality, Facebook has been letting your data slip through its fingers.

Your wacky uncle wasn't wacky at all. He was just smart.