Facebook Acts Like a Law Unto Itself

I have thought for some time that Facebook is essentially a bad actor in the tech and platform spaces. There aren’t good companies and bad companies of course. All the tech behemoths play in the space that has now landed Facebook in so much trouble. In some ways, Google does even more, certainly when it comes to collecting, mining and monetizing almost limitless amounts of personal information, largely for the purposes of targeting advertising. But Facebook has again and again shown a more nefarious side – it shows up in the indifferent manner in which they deal with people’s personal information. It shows up in the very different realm of how they deal with business partners – creating whole business ecosystems and then pulling the rug from under them when it suits their purposes. There are lots of problems with Google, which I’ve discussed. But they don’t act like that. Not like Facebook.

Let me share a few observations about the way Cambridge Analytica was able to get access to some 50 million user profiles.

The first notable thing is that if you take their accounting at face value, Facebook was willing to provide what seems like comically blanket access to private data as long as someone would represent that they were using it for academic research. So for instance, it was okay to harvest the information of friends of people who gave permission to harvest their data as long as it was for academic research. Why this is okay for academic research is a mystery. Consent in academic research is actually a pretty big thing. It also seems that apps were allowed to do this kind of ‘friend of’ harvesting as long as the data was used for the primary app user’s user experience. But again, what does that mean? What are the strictures? And why does anyone have permission for that anyway?

The bigger point is that these policies almost invite violation. What if TPM said we will give out your credit card information for academic purposes as long as people agree not to charge anything on your card? Well that would obviously be crazy. But that’s not that far off what Facebook was doing. The key point being: we told them they weren’t allowed to charge your card. Bummer for you if they didn’t follow our rules.

Once this information escapes Facebook’s custody the company has no control over it and no real way of knowing what is done with it – yet it assumes no responsibility for whatever use might occur. That’s crazy. No one has this kind of policy with anything else of value or anything that can be misused. Do we really believe that stores of inform which have immense value would never seep out of academic possession either by hacking or sale or just giving it away? That’s a crazy assumption. Of course it will, unless the primary repository of the data is incentivized with strong liability exposure.

(ed.note: TPM, like most reputable publications, never takes possession of your credit card data. We’re not good enough at security. We use an industry standard company whose whole business is security. Why? Because we’re not insane and if we’re holding your credit card information and someone gets a hold of our our liability is huge.)

The still bigger point is that whatever Cambridge Analytica acquired, by definition, Facebook already had. Nor is this like having vital property stored in a safety deposit box. Facebook’s business model is using that data much as Cambridge Analytica used it. CA used that data perhaps for fake news and other dark ops which Facebook may not. But fundamentally this is what Facebook does and Facebook has all of that data and much, much more.

Several months ago I said that I thought Facebook was destined for a bruising confrontation with Mueller’s Russia probe. I was happy to see that happen. This is an example of why. Facebook operates as though its policies are something like laws and actually should operate like laws. The entire problem stems from the fact that Facebook has created its own set of rules in which it has no liability, no real grounded monetary liability for what is done with your data, who gets access to it or what they do with it.