As Mark Zuckerberg prepares to testify before the U.S. Congress this week, the whole world seems to be against Facebook. Is this a watershed moment for the future of the company and the broader consumer internet as we know it? Will the tremendous public outcry against Facebook and the rest of the industry result in truly meaningful change that actually advances consumer interests and protects the long-term integrity of American democracy?
Perhaps. But if this is to happen, we will need to look beyond the monotone drumbeat of anti-industry rhetoric to understand precisely how the core business model of internet platform companies like Facebook really work. Only then can we reverse the exploitative and polarizing tactics that were likely pursued by political communicators during the 2016 elections.
Will the tremendous public outcry against Facebook result in change that actually protects the long-term integrity of American democracy?
The market structure that permitted Cambridge Analytica’s breathtaking scale of data collection and exploitation was not a hack or a breach or an illegal act. It was merely an example of the core product offered by Facebook — targeted advertising — functioning as designed and exploited to its logical (if unsavory) extreme. Leveraging user data to target ads and customize content that appeals to people is the business. And there are precious few restrictions on how it can be done, even if the results undermine the integrity of democratic political culture.
What is really at stake here is not just privacy. Yes, the fact that 87 million users’ Facebook data was (and maybe still is) out there for nefarious actors to manipulate is not good for individual privacy; none of us want our sensitive information in the hands of strangers. But if we think of the incident only in this way, we run the risk of casting it in the same light as the recent data breaches at Uber, Equifax, Sony, or Target.
Remember them? All of these incidents were significant and caught the public’s eye, too — and were equally damaging to consumer privacy. But notably, nothing really happened to any of these companies. After a few weeks of public backlash and some minor slaps on the wrist, it was back to business as usual.
But there is something different about the Facebook incident; the data leaked to Cambridge was especially rich and sensitive, and came into the possession of people who aimed to directly influence our political freedom. News reporting has not yet revealed in great detail what kind of data Cambridge took. We can guess, though. First, the data likely included personally identifiable information — persistent indicators that can uniquely identify a person including his or her name, phone number, email address, and perhaps most dangerously, Facebook user ID. Second, we know that Cambridge gained access to users’ “Likes” — that is, the pages, personalities, news reports and other content in which users indicated their interest.
The combination of these two types of data would necessarily have allowed Cambridge — and by proxy, potentially its clients — to infer the preferences, interests, beliefs and behaviors of the people whose data was stolen. And as far as we know from the disclosures, most of those 87 million people were American voters.
So, should we demand better security, privacy and policy practices of Facebook and like companies? Most definitely, yes. But this will not immediately shut off the potential for future disinformation operations. The fact is, no grade of security is capable of never being breached. And though the academic question of whether or not this incident should be classified as a “security breach” (a term that carries certain legal ramifications) has correctly been challenged by Facebook, the company could surely have done things better — in choosing its research partners, in holding them accountable for the handling of sensitive data and in disclosing these details to consumers.
But what the public needs to understand is the nature of the digital advertising industry itself — and by extension, the nature of the customized social media feeds into which these ads are integrated. We are its consumers whenever we use the internet. And though its commercial underpinnings may not be readily apparent to us, this market is driven first and foremost by our personal information.
This world of digital commerce, which is dominated by advertising, is premised on the collection of vast quantities of user data, the creation of networked platforms that offer compelling services and the sale of targeted ad space to anyone who will pay for it. The fact that nefarious actors have invaded this space now should motivate us to clean up the digital square.
Left unchecked, we will see a race to the bottom to use digital tools for political exploitation. Now is the moment to put country over party on both sides of the aisle.
Which brings us back to the matter of Zuckerberg’s Congressional testimony. This is not one of those issues that can be treated with party line dogmatism. And while Trump and his brand of Republicanism may have benefited from this degradation of American politics in the short term, this is surely not a constant. Left unchecked, we will see a race to the bottom to use digital tools for political exploitation. Now is the moment to put country over party on both sides of the aisle.
So far, reaction from policymakers has been publicly strong but privately uneven. Facebook has faced criticism from both sides of the aisle following reports of data breaches, but legislation that might work to close privacy loopholes has been slow to materialize. Last October lawmakers introduced a bill, The Honest Ads Act, sponsored by a bipartisan group of Senators and supported by as many as 18. The bill proposes that the marketers that fund internet-based political advertising be explicitly displayed in the ads. This approach represents a good start. But the bill has so far failed to move out of Committee. Now that Facebook has reversed course and announced its support for the bill, this may change.
But even if the bill does find the votes, it does not go far enough. Transparency alone — even if there was consensus around a gold standard — cannot stop the actions of nefarious actors intent on affecting our electoral process. Nor would proposed algorithms that might better detect malicious content, because disinformation actors and other bad players will find ways around them.
Even with the current backlash, it is difficult to imagine legislation that reforms the ways that internet data is collected and advertising algorithms are developed could find enough votes.
What we need is comprehensive reform of business practices in the sector. As we argued in a report published by New America and the Shorenstein Center at the Harvard Kennedy School earlier this year, it is the business model of the digital advertising industry itself that has been the root cause of the problems that have surfaced over the past few years.
More effective than the Honest Ads Act would be a baseline privacy law. But even with the current backlash, it is difficult to imagine that legislation that reforms the ways that internet data is collected and advertising algorithms are developed could find enough votes to pass Congress.
This is a grim reality. Our challenge is not just to overcome the natural resistance of mega-corporations to regulatory oversight, but to break free of the self-defeating partisanship that threatens to turn an existential crisis of democratic integrity into another Washington soap opera. Cambridge Analytica has shown us the consequences of failure. What we need now is leadership — from industry and from government — that meets this crisis with ambition and principle.
Ben Scott is senior advisor at New America and served as Policy Advisor for Innovation in the U.S. State Department during the Obama administration.