Protecting Americans' Data

As you've likely seen, a firm called Cambridge Analytica has been in the news for misusing Facebook user data and selling it to political campaigns without user knowledge. As the full story emerges, we have to understand how this is part of a larger conversation on new frontiers of national security, international meddling, and big data. Then we should contemplate about what our leaders should be doing to protect our privacy rights.

The Cambridge Analytica Scandal

Cambridge Analytica is a political consulting firm that helped run the Trump campaign’s digital team in 2016. In addition to regular consulting operations, like TV ads and polling, they also claim to have used “psychographic modeling” to target voters, a tool they developed using personality test data from Facebook.

Cambridge Analytica received this personality information through a Facebook app created by Aleksander Kogan, a Russian-American academic. He said he would use the data for academic purposes, so Facebook allowed him to access it. Some 270,000 users agreed to share their information for this purpose. However, because they agreed to share friends’ data, Kogan ended up with access to nearly 50 million profiles, which he then sold to Cambridge Analytica. Facebook learned about the breach in 2015 and was assured the data had been deleted, though it wasn’t. Now, whistleblower Christopher Wylie claims that Cambridge’s tools swung the Brexit and 2016 election results. He also claims that all of this data was within easy reach of the Russians, since Kogan made many trips back to Russia during this time period.

Though this all sounds very shady, it’s not clear yet which laws have been broken, or even that Cambridge Analytica is worth focusing on. This release of friends’ user data was well within Facebook’s rules for the time, and Cambridge Analytica doesn’t appear to have been any more effective than standard political consulting.

The details are still trickling out on this, but it’s clearly time for a broader national conversation about big data, protecting American privacy, and the role of government in regulating it.

The Role of Regulation

Discovering which regulations work best will be experimental at first. But this is the age we live in, and it would be irresponsible of government not to adapt to the new challenges and realities of our digital age. As we speak, the EU is beginning to enforce the General Data Protection Regulation (GDPR), which gives far broader protections for consumer privacy. And some Senators, including Mark Warner (D-VA), have begun to call for stronger regulations for Facebook and internet privacy laws.

One way to beef up security that I support is to create much stronger penalties for businesses that have data breaches. This will incentivize companies to shore up their own data before it can be hacked, rather than have apologies leaked out months later.

We should also require more transparency from companies about the data they keep. Facebook has begun to make some of these changes on their own, but Congress could mandate that all companies must show users what data they have and which third party groups have access to it. With this information, users could have greater flexibility with privacy settings. Companies should also have to notify users within a certain time window if there is a data breach and allow users to withdraw or update their privacy settings in the aftermath.

Meanwhile, Jim Jordan hasn’t said a thing about Facebook or Cambridge Analytica since the news first came out. Jordan’s always claimed to be a champion of privacy, so where is he on protecting Americans’ personal data?

There’s progress to be made here—we just need strong, thoughtful leaders to make that change.

I'll be keeping an eye on any legislation that makes its way to the Hill - hopefully we will see some of our representatives start to get serious about protecting our data.

Janet GarrettComment