By Ethan Arave
At the intersection of analytics and marketing there lies an intellectual arms race, an ever-intensifying search for more and better ways to utilize the vast troughs of data users offer up on various platforms to better target a product or idea. Public commentary focused on the balance being struck between privacy concerns and modernization of marketing in this race is relatively minimal, only really manifesting as the result of some perceived innovative breakthrough or as the result of some high-profile disaster.
For a clear demonstration of this cycle, one need only look at the recent ‘breach’ of Facebook user data by the UK based analytics firm Cambridge Analytica (CA). In brief, CA was the firm at the helm of several high profile political upsets in the recent past: namely Donald Trump’s successful presidential campaign and the Brexit Yes vote. After their successful run of data-driven populist campaigns in 2016, CA was found to have been utilizing Facebook user data gathered with an app that claimed to be utilizing data for purely academic purposes but was, instead, provided to CA and utilized to build a bevy of political models. These models ranged from basic voter patterns and polling estimates, to the more nefarious sounding and modern ‘psychographic’ profiles of users, meant to capture a more holistic image of the voter and finely tune images to engage them. In examining coverage of CA and Facebook over the last eight months, covering a period between CA’s victory lap in two momentous campaigns through to immediately after public attention was drawn to the ‘breach’, I will outline the course over which the modern conversation on privacy and analytics takes place, and its immediate consequences.
CA and Facebook’s shared story is a complex one and several aspects are hotly contested as I write this, but there are some certainties that can be established to help scrutinize the ‘breach’ and its continued fallout. To start, while CA is far from the first company to utilize Facebook user data for political purposes, the main contention at the heart of the scandal is the lack of transparency with which that data was harvested. Perhaps the most notable distinction here is that, “… Obama for America did collect data on users’ friends,… at the time [this practice was] in line with Facebook policy… In 2015, Facebook changed the rules so that apps could no longer target the friends of users who downloaded them.”
That this would seem a minor distinction of policy rather than moral imperative, especially when separated by such a small span of time, is, for some, evidence that the CA scandal represents little more than an empty alarm being sounded by vengeful actors who disagreed with CA’s clients’ political views. There are also questions, stemming from Facebook’s own response, as to whether this constituted a breach of private data placing one or both actors in legal peril, or merely a distasteful disuse that requires minor corrections, as Facebook would argue. I make no claim to the nature of a ‘breach’ as it is semantically being argued, nor that this is an issue in a vacuum, completely separate from the 2008-12 era tools utilized by the Obama campaign. Instead, I am simply interested in documenting the narratives around CA and their rapid evolution: a story of data’s efficacy and power and the intellect of those wielding it giving way to a denunciation of all actors involved.
It all started with results. The causal impact of an analytical process is always difficult to establish, especially in as volatile a realm as politics, which makes an upset the perfect event on which to stake such claims. CA was not shy about their role in the Trump campaign; in fact they were surprisingly candid: this video, timestamped as the head of product for CA claims they didn’t have the time or funding to build a complex psychographics operation, gives a great deal of insight into how CA was viewed, and viewed themselves, after their victories. The head of product claims that, far from these more nefarious and new tools, CA built relatively simple models they validated on the Republican National Committee’s voter role data and checked against what is obliquely referred to as “Cambridge’s data” (presumably the data collected through the Facebook app). They also sought to impart that their data-driven ground game was impactful not for its complexity, but for its freedom from oversight (more on this later). CA were portrayed as both pioneering genuises and consummate, down to earth, pollsters, receiving the praise of both while deflecting the concerns of either (overreach and bad faith as data geniuses or a fluke victory as humble pollsters) with calculated corrections such as the CSPAN interview above.
Far from the media narrative at this stage being one note, there were warning signs, even in late 2017, that Cambridge might be in trouble, but then these were relatively minor claims, the sort of backlash one might expect for any firm that had made itself a target through its string of impressive successes. Perhaps the most striking example of this before-the-storm moment is this article, where the currently suspended CEO of CA speaks to prospective book deals and publishing on their momentous victory.
Then came the revelations. While The Guardian’s reporting was the match strike, owing to their access with an analyst who worked with CA, the nature of the story quickly augmented and spread. While CA’s CEO, Alexander Nix, was suspended for reasons unrelated to the Facebook ‘breach’, it’s difficult to imagine the suspension wasn’t catalyzed by the incredible scrutiny befalling CA at the time. Regardless of the publicity they’ve received, there are several narratives that have spawned about how the company looks in retrospect. First there were those positing CA as an unbridled force, a malignancy on mankind akin to the creation of an atomic bomb, a force that will reshape all of politics to come for the worse. Then there were those who saw Facebook as near-sole bearer of responsibility, arguing that Facebook was priming the pump with a mix of negligence and short sightedness speeding toward this exact type of disaster. Finally, and perhaps most fascinatingly, are those takes that establish that the users are the ones responsible here; no amount of marketing should be able to sway people from their beliefs and, if it does, it’s ignorance on the part of those users and not the company’s responsibility to protect them. The latest wave of reporting to come out is noting the fallout, both financial and with regard to image, Facebook faces.
So what lessons exist in this drastic shift? It would seem a relatively straight forward tale: CA was found to have an illicitly gathered database which was only possible due to some amount of negligence on Facebook’s part. The story then is just a failure of these corporations to ‘behave’ within public expectation, or to provide a transparent representation of their goals and intent. But there’s more here, especially noticeable in how much fallout Facebook has faced publicly. While it’s likely this will only be a momentary setback for one of the most powerful corporations on earth, it’s interesting to see how many narratives focus on Facebook as a social evil, claiming that the CA breach is only clarifying all of the negative relationships that already existed between Facebook and its users (and services that rely on Facebook).
For me, though, the most interesting story with little-to-no coverage has to do with that initial argument around this being an unstoppable negative trend in politics. In the aforementioned CSPAN interview, CA employees mention what is, to their minds, the most important piece of their operation: to show the voters whatever images got them engaged. It didn’t have to make sense, be especially focused, or even true and it might have been shunned by a less data-driven campaign; but CA went with whatever images most engaged users. This is a critical notion: that the images that activate our emotions are more important than any underlying message; and it connects directly to how these companies and the US government handle outrage in the modern era.
One might expect that the public outcry currently leveled at Facebook and CA would result in policy aimed at addressing the glaring data privacy issues brought to light, or at the very least in a discussion on that subject. And indeed, there have been some preliminary talks about Mark Zuckerberg testifying before Congress. However, as far as policy is concerned, the policies being passed at this moment tell a very different story than the images being presented. The ‘Cloud Act‘, as it was passed, is exactly the sort of bill that those outraged by data breaches as violation of privacy would decry and yet, because it is detached from the immediacy of a stock fall or demonstrable impact, it has almost completely fallen from public notice. It’s still too close to this event to see its impact, but it’s unlikely that the practices CA utilized to propel political longshots to victory will see less use over time, especially with the narratives of the power and results established above. Similarly, Facebook is likely to posture more than actually change its bedrock model of offering up user data as its primary product.
In the end, unprecedented policy change will be necessary to retrofit America’s data privacy policies to match users’ expectations and, until that time, breaches and coverage cycles like these are more likely to reoccur.