Facebook data theft exploited millions

YOU’VE HEARD OF FACEBOOK, right? The social media platform that started out as a safe-seeming sandbox for sharing details with friends and family about our lives? Over the weekend, Facebook’s 2.2 billion active users might finally have gotten the message that it’s not that way any longer, if it ever was.

On Saturday, The New York Times reported that Cambridge Analytica, a voter-profiling startup flush with a $15 million investment from right-wing Republican Robert Mercer, harvested private information from the Facebook profiles of more than 50 million users — without their permission. Christopher Wylie, a Cambridge Analytica founder-turned-whistleblower, told the Times that his former bosses “want to fight a culture war in America,” shaping data into the sharp end of the spear.


Facebook responded with all the bluster of a corporate tech giant. Facebook executive Andrew Bosworth deflected urgent questions by quibbling over terminology, saying, “This was unequivocally not a data breach,” according to BloombergTechnology. Facebook’s chief security officer, Alex Stamos, defended the company on Twitter, then, according to Recode, tried to delete his tweets — proving the truism that social media can make any reputational hit geometrically worse.

Recode and other sites tell how bad actors from Cambridge Analytica gained access to user data: A developer created an app called “thisisyourdigitallife” that used a feature called Facebook Login to vacuum up a range of personal information from those who opted in. Because of Facebook’s sprawling network, the 270,000 who opted in opened up a treasure trove of data from 50 million users.

To some extent, this is what Facebook is made for: Its propulsive growth has been fueled by the simple human desire to share trials and triumphs. And most users are aware they’re sacrificing some privacy to advertisers who note their habits and likes, but are willing to accept a few trade-offs in order to facilitate a friction-free stream of conversation and commerce. Facebook says it has since changed its terms of service, the voluminous “fine print” that few users take time to read through to the end.


But the Facebook user agreement shouldn’t be the go-to regulation for protecting US consumers or governing ethics online. That’s the job of elected officials. Commendably, Massachusetts Attorney General Maura Healey launched a state investigation on Saturday. Calls for congressional hearings came from US Senator Amy Klobuchar, a Minnesota Democrat who serves on the Judiciary Committee. One potential remedy is already on the books: In 2011, Facebook settled charges by the Federal Trade Commission that it deceived users by promising privacy; new violations could result in stiff fines.

But consumers don’t yet even know what information was stolen, or when. If it’s unrealistic to expect a return to that safe sandbox, state and federal officials can at least bring clarity to the rules of the playground.