Cambridge Analytica story affects us all
If you exist, it’s basically impossible for you not to be producing digital data that is harvested
Part of the insidiousness of the Cambridge Analytica/Facebook story is that some people still firmly believe the revelations have nothing to do with them.
This misguided line of thinking runs in two parallel directions, one scolding and one smug. The sour, scolding line is this: “If people are going to post personal information about themselves, then they can expect it to be misused.”
The smug line runs: “I never used those social media sites because I knew something like this would happen. So while this might be a big shock to the rest of you, it has nothing to do with superior me.”
Well, no. That’s not how our new digital era works.
First, this blames the victim, not the perpetrator (“If only you hadn’t walked home at night, you wouldn’t have been mugged”). As the launch of investigations by EU data authorities and the US Federal Trade Commission indicate, there’s potential lawbreaking here, and violated trust. This isn’t about personal culpability.
Nonetheless I can see where that scolding approach comes from. For aeons, the public discussion about the privacy risks of using social media has been on whether some types of posts (a drunken snapshot at a college party) might compromise you later (affect your job prospects).
This false perspective influences both the scolding and the smugness – if you only didn’t post that stuff, and if you only had stayed off those sites, you’d be laughing.
But you wouldn’t be. Ever. Not unless you have somehow reverted to living off-grid in a cash-only, payment-in-kind society, where you don’t work for a pay cheque, you don’t have bank accounts, you don’t pay taxes or have any relationship with a nation state, you don’t use healthcare, you don’t drive, you don’t use a phone, you never use the internet, you are utterly invisible.
And that’s probably not you, is it?
What the Cambridge Analytica/Facebook story has, at long last, started to reveal is the sweeping extent of data gathering by Facebook, and others. And how poorly understood it has been.
For the smug: you do not have to have been a Facebook user ever in your life to have had your data gathered by Facebook. As we have learned this past week, Facebook collected call data from users of Android phones for years because it could access contacts and hence information such as email addresses, phone numbers, even text history, via Facebook and Messenger apps on handsets.
And actually, apps of all sorts may request access to contacts, and could send this sort of information to a parent company.
But it doesn’t stop with apps. Take your web browser. It silently watches and stores data on where you go and what you do online. It may then merge that data with detailed location data from that free map application you also use, which gathers position data as you move about all day.
That might then be linked to all your online searches, and to data parsed from your free email account, where your emails are machine-read for key words in order to send you ads (which is kind of Cambridge Analytica-creepy on a smaller scale, isn’t it?).
Terms and conditions
Companies claim we know about all this because we agree to their terms and conditions but, as the Facebook debacle has revealed, few read or understand these complex and obtuse agreements. They trust these supposedly benign apps and services.
Every website you visit, every company you buy from, every State organisation you interact with, every financial institution you have accounts at, your transport services . . . all have your data. Surveillance isn’t just about secret cameras and listening devices.
So, don’t scold and don’t feel smug. If you exist, it’s basically impossible for you not to be producing digital data that is harvested, held by, passed between, and sometimes sold by every imaginable type of company and organisation. This overwhelmingly vast, often interlinked network of local, national and international data gatherers and processors affects us all.
What the Cambridge Analytica/Facebook story has done is force a broader public realisation at last of the existence of this daunting surveillance complex and the need to address it. And, I hope, it also highlights the utter pointlessness of self-regulation.
So, over to the lawmakers and regulators. In a digital world, where data gathering and exploitation is hidden and hard to understand, we must have simple user agreements that clearly indicate what is being gathered. We need opt-out as the legal default, so we always can make a choice about whether to allow a given activity. We need transparent algorithms, so that we know what is gathered and why. And companies must not be allowed to grandfather in the weaker settings from old versions of services or devices.
And overall, we need – and long have deserved – far greater international oversight and scrutiny of all organisations gathering data. With effective, mind-focusing punishments for data misuse. Nothing will change before then. Nothing.