A lot has happened with Facebook and its involvement in a raft of really spooky-sounding privacy intrusions since we wrote about how to protect (or completely) delete your profile on the embattled social media service.
And that was just last week.
A quick summary of recent developments:
Facebook asked hospitals to share patient data. It was anonymized data for a research project about patients that was supposedly a way to help hospitals figure out who needed special care. Still, it’s a bad look for a company undergoing serious trust issues.
Mark Zuckerberg was able to secretly delete old Messenger posts. Oddly, the company’s response was to announce that they would soon allow all users the chance to “unsend” messages. Again, not a great look for a company for whom transparency should be bedrock.
Facebook proactively went after Russian troll farms last week. It removed dozens of profiles, pages and Instagram accounts from the Russian-based Internet Research Agency. It will also label all future political ads and confirm an ad buyer’s location and identity.
Starting now, you’ll be able to see if Cambridge Analytica “stole” or misused your data. The notification will be at the top of your newsfeed, along with the apps you use (through FB) and the information you share.
We know more about who in Congress will be grilling Zuckerberg this week. Three different committees will question the Facebook founder during a two-day joint hearing between House and Senate that begins Tuesday (April 10). Expect a bipartisan beatdown, although maybe not as tough of one as you’d expect (you can thank lobbying dollars for that).
A good example of the type of modest scrutiny Zuckerberg could face comes from the quotable Sen. John Kennedy (R-LA), who appeared on this past Sunday’s Face the Nation. “I don’t want to hurt Facebook,” he says.“[But] we’ve got to talk about the initial bargain. Is it fair for me to give up all of my personal data to Facebook and apparently everybody else in the Western Hemisphere in exchange for me being able to see what some of my high school buddies had for dinner Saturday night? Who owns my data? Do I own it or does Facebook own it? [And] The service agreement with Facebook. It’s written in Swahili. Nobody understands it.”
If a lawmaker does ask difficult or unexpected questions, it’s going to be someone off the radar, as David McCabe on Axios notes: “The most striking moments of a congressional hearing come when a lawmaker surprises the witness with unexpected — or unexpectedly aggressive — questions. A tough hit against Zuckerberg by a lawmaker who’s not on this list would have a good chance of grabbing headlines.”
That said, Kennedy’s “initial bargain” talk seems to suggest Zuckerberg’s interrogation won’t be limited to the data breach from election consultants Cambridge Analytica. Which is good: Facebook’s COO Sheryl Sandberg herself told NBC’s Savannah Guthrie that additional third-party data breaches were “possible.”
And that brings us to our final point:
There were certainly (not “possibly”) additional data breaches on Facebook, and that begs a question that some emboldened lawmaker absolutely must ask Zuckerberg this week. Initial reports have centered around a psychological test devised by academic Aleksandr Kogan that was later used by Cambridge Analytica to collect data and develop “psychographic” profiles of millions of FB users (who were also potential voters). But on LinkedIn, Brian Solis’s thorough dissection of Zuckerberg’s weeked town hall with journalists offered one potential new landmine regarding Facebook and data privacy:
Users who didn’t disable email/phone number search should assume their public info was scraped by sophisticated actors who evaded rate limiting. The extent of this scraping and how data was used by third parties is unknown.
The Wall Street Journal recently shed light on exactly what that means, noting that Facebook has admitted that “most people” on the service could have had information “scraped by marketers who used a feature that distributed profile data connected to users’ email addresses and phone numbers. Facebook said it has now disabled the feature.”
This scraping of info is integral to “Lookalike marketing,” a tactic that brands use to target potential customers. By leveraging their existing email databases, brands can use Facebook’s data and marketing tools to deploy ads that target users who “look like” their current customers: similar age, interests, income level, etc.
And who else might find such a tool valuable? A political campaign that wants to influence a certain subsection of swing voters who are susceptible to certain messages.
As one digital media expert told us: “The Facebook algorithm is brilliant. Say I gave 30,000 emails I collected to Facebook. Through lookalike targeting, they could dissect every data point, behavior, insecurity, whatever, and come back with 1,000 attributes those 30,000 people have in common.”
And, most importantly, find millions of other Facebook users who fit the same profile. Those 30,000 people could lead to millions of potential “behavioral DNA clones.”
So why didn’t everyone do this? The key is not just throwing any random collection of emails into the algorithm. “Think of it this way,” our digital media expert told us. “JetBlue is a big company, and if they want more customers, they have the email addresses of those who fly JetBlue. If you did lookalike matching on FB and see what they have in common … well, they don’t have anything in common. Same with people who have a MasterCard, Visa or AmEx … collectively, those people have nothing in common.”
To use the tool effectively, what you need is a smaller, highly engaged list of emails, with constant feedback and analytics on how users engage with the content you send them. Only then can a brand, publisher or (sadly) overseas propaganda machine start to group users into meaningful psychographic groups that can successfully leverage Facebook’s lookalike tool.
So what would our expert ask Zuckerberg if he were on the panel at tomorrow’s senate hearing?
“Regarding Facebook lookalike target marketing: What does that mean? What would happen if you had a targeted, opt-in email list? Could you theoretically put in 30,000 names to influence 70 million voters? And how did these targeted emails get to these Russian companies or Russian bots?”
He continues: “Most of what I described isn’t illegal — it’s called advertising. It only becomes illegal because foreign entities are not allowed to spend ad dollars to influence U.S. elections. I say: follow the email lists.”
A question, and hopefully an answer, to ponder this week, for sure.
This article was featured in the InsideHook newsletter. Sign up now.