This month, Netflix released its latest original production, a documentary called The Great Hack, and it couldn't be more timely. As Facebook faces further scrutiny over its various activities, it's easy to forget that it wasn't that long ago when Mark Zuckerberg was widely liked, respected, and most importantly, trusted by hundreds of millions of users around the world. Then the Cambridge Analytica scandal hit.
Netflix's The Great Hack recounts the various twists and turns of the scandal that rocked Facebook to its core and shattered the benign public reputation of the world's most widely used social media platform. It is an important record of how we got to where we are today and an important reminder of just how pervasively our data was harvested and just how sloppy Facebook was at protecting that data from misuse.
Netflix's The Great Hack Revisits the Cambridge Analytica Scandal
Netflix's new documentary does a remarkable job at condensing the core aspects of the scandal into an easily digestible fashion for its audience, which is no small feat considering the subject it is covering. Trying to explain data privacy issues should be simple--and in personal terms it is; it's easy for people to feel violated when their search history is tracked, or their personal photos stored on a data server in the cloud--but conveying the enormity of online surveillance by Facebook and others sounds downright Orwellian.
It becomes hard to fathom just what it is we mean when we say 'they know everything about us.' What is everything, and who are they? Mark Zuckerberg? Facebook employees? Facebook's AI?
What The Great Hack does so well is demonstrate the pervasiveness of this surveillance by representing the individual instances of data harvesting through popups and word-cloud-like fogs over smartphone users representing the data that is being tracked through our everyday smartphone use. Taking a selfie doesn't seem so harmless when seen through the eyes of Facebook's algorithm throughout the film.
What's more, The Great Hack brings home to the viewer what these data streams from our day-to-day existence enables people to do if they ever get their hands on that data.
Cambridge Analytica is the obvious go-to because of the pervasiveness of their data harvesting through Facebook but also the ends that they put that data harvesting to, namely the 2016 Brexit referendum in the United Kingdom and the US Presidential Election that same year. The Great Hack lays out for viewers the main thrust of the scandal in a way that makes it easy for even those not already versed in the ins-and-outs to follow. In doing so, The Great Hack provides an essential public service by reminding us all just what was done using our data, which in turn reminds us just how important it is that we safeguard it going forward.
What Was the Cambridge Analytica Scandal?
"We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."
That is what Christopher Wylie, who worked with an academic at Cambridge University by the name of Aleksandr Kogan to harvest the data, told the UK's Observer in March 2018, a revelation that turned out to be the opening bell on the sprawling Cambridge Analytica scandal that would forever change how the world looked at Facebook and other tech giants.
It began with an app Kogan built, independent of his work at Cambridge University, called 'thisisyourdigitallife.' Kogan founded a company called Global Science Research (GSR) that worked with Cambridge Analytica in 2014 to pay Facebook users to take 'personality tests' using the app who agreed to let GSR and Cambridge Analytica collect their data for 'academic use.'
The app did much more than that, however. It also collected data on the users Facebook friends who had not given permission to have their data harvested in such a way. Facebook allows such data collection to occur in its 'platform policy' so app developers can improve the user experience (UX) of their app, but they are prohibited from selling that data or using it for the purpose of advertising. GSR and Cambridge Analytica appear to have gone ahead and used that data anyway to build up a data set of more than 50 million Facebook users.
Cambridge Analytica and the US Presidential Election
This is where things get particularly scandalous. Cambridge Analytica then categorized these 50 million-plus Facebook users and developed psychological profiles for all of them in ways that they could then market to clients, offering ways to target and reach people based on thousands of datapoints each. In one scene in The Great Hack, the claim is made that Cambridge Analytica was marketing their data pool as having 5,000 data points on every American voter.
Cambridge Analytica was co-founded by none other than Steve Banon, the controversial one-time campaign chairman for the Trump 2016 Campaign and Cambridge Analytica received financing from Robert Mercer and his family, who were among Donald Trump's biggest campaign supporters. Cambridge Analytica CEO Alexander Nix specifically envisioned Cambridge Analytica as being a Republican alternative to the Democratic Party's data operation. Needless to say, Cambridge Analytica was not offering their data set to Hillary Clinton's campaign in 2016.
According to Cambridge Analytica's then-director, Brittany Kaiser, Cambridge Analytica targeted American voters with ads but did so very discriminately. "The bulk of our resources went into targeting those whose minds we thought we could change. We called them the 'persuadables,'" she says in the film. By focusing on so-called swing states, Kaiser said, they stood a better chance at influencing the outcome of the election.
The creative team at Cambridge Analytica built carefully-tailored ad content that was designed to 'trigger' these individual voters based on their specific psychological profiles. "We bombarded them through blogs, websites, articles, videos, ads, every platform you can imagine. Until they saw the world the way we wanted them to," she said. "Until they voted for our candidate."
The effort is ultimately considered to have been effective, though there is no way to attribute any one particular vote to the efforts of Cambridge Analytica, just as no individual purchase in a store can be attributed to any particular advertizing campaign. But if advertizing weren't effective, no one would pay money for it.
Cambridge Analytica and the Brexit Referendum
Meanwhile, over in the UK, Cambridge Analytica had long maintained that they played no role in the 2016 Brexit referendum, saying only that they'd offered to help at one point. Just today, however, it has been revealed that both the Leave.EU campaign and the United Kingdom Independence Party (UKIP) were in regular communication with Cambridge Analytica throughout the lead-up to the Brexit vote and that Cambridge Analytica did work for the Leave.EU campaign without a signed contract and that the company was never paid for the work.
"Chargeable work was completed for Ukip and Leave.EU, and I have strong reasons to believe that those data sets and analysed data processed by Cambridge Analytica … were later used by the Leave.EU campaign without Cambridge Analytica’s further assistance," Kaiser wrote in a letter to Damian Collins, MP and chairman of the digital, culture, media and sport committee for the UK Parliament's House of Commons.
The Leave.EU campaign has been seen of being a forerunner to the Donald Trump 2016 Presidential Campaign and has been dogged by suspicions over its ties to Cambridge Analytica once the scandal broke in 2018--and it's easy to see why. For embittered Remainers desperate for any means to undo the June 23, 2016 referendum that voted to see the United Kingdom leave the European Union, the prospect of blaming the whole thing on digital malfeasance by a disgraced political electioneering firm has real appeal. It's been a difficult thing to prove, however.
Today's revelations shed some light on things, however. One email published by the Parliamentary committee reveals how Cambridge Analytica staff discussed with the Leave.EU campaign whether to share the analysis that Cambridge Analytica had performed on data they received from UKIP.
"We have generated some interesting findings that we can share in the presentation, but we are certain to be asked where the data came from. Can we declare that we have analysed Ukip membership and survey data," asked Julian Wheatland, Cambridge Analytica's chief operating officer, of Leave.EU's Andy Wigmore and UKIP's Matthew Richardson, then the general secretary for the party. Wheatland was told that Cambridge Analytica shouldn't reveal that they used UKIP data in their analysis.
Another email, this one from Wheatland to Cambridge Analytica staff, reads: "I had a call with Andy Wigmore today (Arron [Banks, founder of Leave.EU]’s right-hand man) and he confirmed that, even though we haven’t got the contract with the Leave written up, it’s all under control and it will happen just as soon as Matthew Richardson has finished working out the correct contract structure between Ukip, CA and Leave."
Kaiser wrote to Collins: "Despite having no signed contract, the invoice was still paid, not to Cambridge Analytica but instead paid by Arron Banks to Ukip directly. This payment was then not passed on to Cambridge Analytica for the work completed, as an internal decision in Ukip, as their party was not the beneficiary of the work, but Leave.EU was."
UKIP, for its part, disputes the implication that it used Cambridge Analytica's services during the Brexit Referendum. "We took the data to Cambridge Analytica, who looked at the data, and then we took the data away,” a UKIP spokesman told The Guardian. “We refused the service, frankly because it was too expensive, and we didn’t want to engage with what they were doing."
How Cambridge Analytica Changed the Way We See Facebook Forever
So what does this all have to do with Facebook? They weren't the ones to share the fake news during the 2016 US Presidential Election and if Cambridge Analytica violated Facebook's terms, why have they been getting hammered for more than a year over this?
The problem for Facebook has grown out of its platform being used during the 2016 US Presidential Election by Russian Intelligence operatives, according to the entire US Intelligence establishment as well as independent cyber security analysts, to manipulate American voting behavior to help Donald Trump win the election over Hillary Clinton.
While the Trump Campaign and their surrogates dispute that they received any help whatsoever from Russian nationals, the partisan anger at Trump's victory--Trump won the Electoral College vote which actually determines who wins the Presidency, while losing the actual popular vote by about 3 million votes--has found an easy target in Facebook.
Woefully unprepared for the electioneering efforts by the Russian Intelligence services, fake news and disinformation proliferated on the platform for months preceding the vote. While this itself has not been tied to the efforts of Cambridge Analytica--though there is still a lot about the Russian effort that isn't public due to the ongoing investigation--the ease with which Cambridge Analytica and others were able to gather data on Americans and target their efforts to highly specific voters shocked the public.
When the Cambridge Analytica scandal broke, Facebook pointed to the fact that when users signed up for Facebook, they agreed to make their data available to app developers for 'academic' use, so there was no actual data breach.
"Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time," a Facebook statement issued in March 2018 read, "he did not subsequently abide by our rules. By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies. When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data."
What Facebook essentially said is that everything Kogan did was completely legitimate right up until the moment he passed that data on to Cambridge Analytica and Wylie. Kogan lied to Facebook in order to misuse the data that he was collecting, and when this was discovered in 2015, Facebook banned the specific app in question and demanded that they receive assurances that the illicit data had been destroyed, which everybody swore had been destroyed even though it absolutely had not been destroyed.
At no point did Facebook disclose that this took place, nor did they notify the people involved whose profile data had been scraped illicitly. They kept this information to themselves right up until Wylie himself went public with what they had done. Facebook's data policy lacked any meaningful safeguard against the misuse of their users data and when such an abuse in fact occured, the steps the company took to rectify the situation were as effective as slamming the barn door after the horse had bolted.
It would become a bit of a pattern for Facebook in the months that followed as further breaches of user privacy began to surface and Facebook's internal security controls over user data proved to be entirely insufficient given the vast amount of data that Facebook had harvested from its users. Ever since, Facebook has been in an ongoing public relations crisis over its use of user data, but it all began with Cambridge Analytica and Facebook's case-study-in-what-not-to-do response to Kogan and Cambridge Analytica's data operations.
Given the ends to which that data was ultimately put only made the situation worse for Facebook, since now it wasn't just that our data could be used to target us with 'relevant' product advertising, now it had been shown to be valuable enough to move world events, making Facebook's lack of data safeguards even more egregious.
And it wasn't just users who were upset. In a highly politicized environment, government officials in both the US and Europe immediately started investigating Facebook's privacy record which ultimately resulted in Facebook paying out billions of dollars in fines to the US Federal Trade Commission as well as agencies in Europe.
.@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users. #dataprotection #GDPR #eudatap https://t.co/3oM3BSaSBS— Data Protection Commission Ireland (@DPCIreland) September 30, 2018
Facebook's public relations team put a lot of effort into getting out ahead of the firestorm by making public statements about its eagerness to cooperate.
@DPCIreland @verajourova We’re cooperating fully & will share more info with you as soon as we have it. We take this issue very seriously & are committed to understanding exactly what happened. We’ve also taken immediate action to protect people’s security https://t.co/XLcHGYFBu2— Facebook (@facebook) September 30, 2018
Still, they struggled with--and continue to this day to struggle with--a fairly essential question.
How soon after you became aware of the breach did you make users aware of the breach?— Ian Campbell (@iano081) October 1, 2018
"People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time."
That was Mark Zuckerberg back in 2010, explaining the founding principle of Facebook that less privacy was better, that more openness from its user base was the goal. Over the years, it has taken several controversial moves towards making that statement a reality, but it had largely hidden this fact from nearly its entire user base. The 2016 US Presidential Election, the Brexit Referendum, and the Cambridge Analytica scandal pulled back the curtain on these efforts and showed us, many for the first time, just how pervasive those efforts were. We were never the same after that nor should we be. That, ultimately, is the message of Netflix's 'The Great Hack' and it couldn't be a more timely reminder.