How did we get to the Cambridge Analytica / Facebook crisis?

In the past few weeks, the world has become aware of a dark corner of the internet that has been hiding in plain sight. I have lived on the front lines of the battle over personal data, targeted marketing and transparency for the past 8 years.

I have been torn on these issues for a long time. As a marketer, I have found this space to hold more opportunity than any other I have explored. As a technologist, I have found the problem solving aspects fascinating. As a policy wonk I have been well aware of the lack of transparency that the existing systems have relied upon to perpetuate a broken system. As an ethicist and an educated consumer, I have always believed that the marketplace would be much better served by stepping out of the shadows and relying on transparency and accountability instead. Furthermore, I believe that the changes that we will see (post-Cambridge Analytica and GDPR) will have more profound effects in the short term, but that the long term outlook for these technologies will be very strong, once the dust settles.

The path that we have followed here started before my journey at CMP.LY and actually helped to lead me to begin trying to solve these issues in late 2009. My first glimpse into the future came when I was introduced to a team from music startup TopSpin, with a set of tools that were designed to help musicians and their record labels connect directly with their audiences via emerging social media tools and e-commerce. I was a pioneer in this space in the late 1990s when I ran Gotham Records and started AllIndie.com. In the decade that followed, the tools had finally developed to realize the dream that we had as early pioneers.

TopSpin used a variety of tools, many of them were built on top of a link shortening technology developed at Awe.sm and connections that could be made into Google Analytics tools that would give true resolution to the effectiveness of one to one marketing in social media and e-commerce. This was all very cutting edge at the time, but was simply a fully integrated offering of existing tools in a way that a lay person could implement and measure marketing efforts.

The eye-opening and jaw dropping component of TopSpin was an integration with a data tool from a company called RapLeaf. The moment that I saw RapLeaf in action, I knew that there was a huge shift coming in the ability to market to individuals, at scale, through social networking and digital platforms. With RapLeaf, once you had a user’s email, you were able to request data about that user’s social media handles and to see, firsthand, who those users were across the social spectrum. At the time, there were few restrictions, if any, on accessing timelines, news feeds and profile information from these users. Even friend lists were mostly available publicly at that point.

RapLeaf had been gathering data in the background, as I understand it primarily from a network of developers who had accessed user information from social games and other applications where users who had connected their accounts to the popular games like Farmville. As users connected their accounts to developer apps using the Facebook OAuth tools (you have seen this as the button that says “Connect with Facebook”) that connection enabled developers to collect and profile not only the users themselves, but to access the profiles of all of those user’s connections on Facebook as well. That data, compiled and organized, became the treasure trove of data that was available via RapLeaf. In October 2010, RapLeaf was effectively banned from the Facebook platform after a series of WSJ and CNN Money articles exposed the leaks of Facebook user IDs.

While this was the first significant example of user data being leaked or utilized off of the Facebook platform, it was certainly not the only indication that there were significant challenges ahead for Facebook data and API partners. This 2010 video from the Wall Street Journal could just as easily have been recorded in 2018:

https://video-api.wsj.com/api-video/player/v3/iframe.html

One of the other outcomes of the data protection concerns in 2010 was that Facebook, and the other leading social media platforms, signed a Consent Decree with the Federal Trade Commission committing to stronger data protection mechanisms and practices.

Furthermore, in 2011 Facebook requested an Advisory Opinion from the Federal Election Commission that would have granted an exemption from disclosure requirements for any of their content formats. The crux of their request was that they were technically unable to present disclosures within the formats on their platform. There were 9 comments filed at the Federal Election Commission in response to this request and it was made clear that inclusion of disclosures was, in fact, technically viable and feasible.

Our original comments on this issue led that charge and they are available here. The exemption was not granted, but a formal rule making was not advanced until late 2017. When an updated call for comments on this matter was made in 2017 there were in excess of 150,000 comments filed, with the vast majority of those comments calling for increased disclosure in political content within social media platforms. In that call for comments, we were no longer part of a small group, but in updated comments, available here, we reiterated our early concerns and shared updates from the 7 years that passed without an updated rule making.

If we have been aware of these challenges since 2010, why hasn’t more been done to fix systemic issues in data collection and use since then? I will explore that in my next post.

This post is part of a larger series. If you would like to learn more about how who I am and what led me here, that information is available here.