Facebook founder Mark Zuckerberg is in the hot-seat this week as he gets grilled by Washington lawmakers about the privacy practices of the largest social media company in the world. The fallout could put Facebook out of business.
The Cambridge Analytica data breach by Facebook has exposed the personal, and supposedly private, information of at least 71 million Americans to commercial electioneering companies, and foreign nations, so that psychological profiles can be created on each Facebook user, and their friends, then matched to registered voter databases and targeted with propoganda to influence their vote or to manipulate their viewpoints based on what type of messaging their profile and online activity indicate they would be susceptible to.
In 2014, during the run-up to the the 2016 presidential election, Cambridge University professor, Dr. Aleksandr Kogan, got permission for a research project from Facebook to use an app he created to tap into users accounts and retrieve their posts, pictures, likes, dislikes, online activity and other personal account and personality details – which also allowed for the collection of that data from all of their Facebook connected friends, without their permission. Dr. Kogan collected Facebook data on millions of accounts and then sold it to Cambridge Analytica, the company founded by Steve Bannon and his GOP funders. It was originally used, and probably created for, the Ted Cruz presidential campaign but Ben Carson also used the service during his election campaign until Donald Trump won the Republican nomination, then Cambridge Analytica got behind Trump.
Christopher Wylie, the man who formed Cambridge Analytica, claims his company has created psychological profiles on a lot more than the 84 million worldwide users (71 million American users) routinely reported in the media. In an interview with the Guardian, Wylie stated, “The company has created psychological profiles on 230 million Americans.” That’s the total United States Facebook database.
Soon after Cambridge Analytica purchased the Facebook account data from professor Kogan for $1 million, Lukoil, the second largest oil company in Russia asked Cambridge Analytica for a proposal and presentation on how exactly the oil company could use their app and Facebook data.
Cambridge Analytica founder Christopher Wylie thought it was strange that an oil company would want to know details about how his app worked, but he was happy to comply. Lukoil received detailed descriptions of exactly how the Cambridge Analytica system leverages Facebook, microtargeting, data and election disruption techniques to win an election – they were given enough information for any foreign government to reverse engineer the design – if they had the Facebook data, which we can assume they also purchased from Dr. Kogan.
The large amount of data that was being pulled From Facebook, by Dr, Kogan, did cause alerts to go off at the Facebook headquarters, but the professor just told the company that it was for research purposes, and Facebook didn’t ask any more questions.
In an interview with the Guardian during his presidential run, Ted Cruz commented on his online outreach program. He said, “is very much the Obama model – a data-driven, grassroots-driven campaign – and it is a reason why our campaign is steadily gathering strength”.
The 2009 complaint alleges that Facebook shared information in ways that were inconsistent with its statements to consumers and engaged in unfair and deceptive acts or practices in violation of Section 5 of the FTC Act.
The FTC demonstrated that Facebook deceived consumers and subjected them to unfair treatment when it made material, retroactive changes to the privacy of their information, without their consent. Facebook is also alleged to have deceived consumers regarding numerous other privacy practices, including the protections provided by their privacy settings, access to their information by third party Apps, sharing of users’ information with advertisers, and access to users’ information following deletion of their Facebook accounts.
The FTC does not have authority to levy fines for violations of Article 5, but violations of FTC consent decrees are subject to civil fines.
The 2011 FTC consent decree requires Facebook to establish and maintain a comprehensive privacy program, and to obtain biennial privacy audits by an independent third-party professional for twenty years. The order also requires that Facebook give clear and prominent notice and obtain a user’s affirmative express consent prior to any sharing of the user’s “nonpublic user information” with any third party. In addition, the order prohibits Facebook from misrepresenting the extent to which it maintains the privacy or security of its user data. Should Facebook violate any term of the final order, it is liable for civil monetary penalties of up to $41,484, per violation.
The 2011 Facebook FTC consent decree stated, “The Commission believes that the biennial privacy assessments will provide an important means to monitor Facebook’s compliance with the order. Each assessment will involve a detailed, written evaluation of Facebook’s privacy practices over a two-year period, and will require the auditor to certify that Facebook’s privacy controls have adequately protected the privacy of “covered information” throughout the relevant two-year period. In addition, we note that the audit is not the only check on Facebook’s conduct. We regularly monitor compliance with our orders, and if Facebook deceives consumers or does not provide sufficient control to its users, as required by the order, we can seek civil penalties without waiting for the next audit. We believe these tools will require Facebook to demonstrate its compliance with the order throughout its 20-year duration. It is our hope that the prospect of such substantial civil penalties – which Facebook does not face absent this order and did not face in December 2009 – will have a significant deterrent effect on the company.”
The FTC has several options to choose from when charging violators of consent decree orders. They can choose to fine a company or individual $41,484 for every person affected by the violation. It could be every day that people overall were affected. It also could be the number of people affected times the number of days they were affected. If the FTC chooses to fine Facebook $41,484 for every individual who had their account exposed (which is the FTC standard operating procedure), then Facebook could be facing fines of almost $3 trillion based on the 71 million American Facebook accounts that were compromised.
Facebook’s market cap is a whopping $458 billion, and they made $15 billion in annual revenues last year, but a multi-trillion dollar fine, or even a fraction of that amount, would doom Facebook. Maybe it is best to just put them out of business and let a better competitor enter the market. As is stands, any competition that challenges or opposes Facebook will be bought out before they can take away any meaningful amount of market share. The two other largest social media companies, Instagram and What’s App, where purchased by Facebook as soon as they became a potential threat.
As Mark Zuckerberg strolls the halls of Congress this week, let’s hope policy makers hold his feet to the fire and demand he take proper care of the personal data of the millions of Americans who utilize Facebook and thereby entrust him to protect their private online information – or just fine Facebook the $3 trillion they now owe for violating the 2011 consent decree, and put them out of business.