MSP23: 101.CAMBRIDGE ANALYTICA

melting world.JPG

101.CA

Confused by the Cambridge Analytica story? #DeleteFacebook is no solution. We need to completely change the business model of online companies if we want to safeguard our personal information. Follow Matt’s 101 to find out how data companies are using sophisticated psychology to manipulate and nudge our behaviour.  

Pic: Composite/Pixabay

EPISODE TRANSCRIPT

You might have heard the name Cambridge Analytica being bandied around the past few days. The data analysis firm has found itself at the centre of a controversy surrounding its actions and possible breaches of millions of Facebook user profiles. That’s right, this week is no laughing matter for Kulturpop’s Matt Armitage, as we Mattsplain your data rights.

 

Do you want to boil the story down for the listeners.

·      Unless you’ve been living under rocks this week then you will probably have heard at least something about this story.

·      A whistleblower called Christopher Wylie has lifted the lid on potential abuses and manipulations of Facebook data by a British-American analytics firm called Cambridge Analytica.

·      Founded in 2013, the firm’s mission is to help businesses and political organisations in their efforts to “change audience behaviour.”

·      The firm was at the heart of the Republican campaign in the 2016 presidential elections in the US.

·      This week it was alleged That the company had managed to harvest User Data on more than 50 million Facebook profiles and that this information formed the basis for the strategies it used to help elect Donald Trump.

·      There appears to be some disagreement between Cambridge Snalytica and Facebook as to whether that user information was obtained legitimately.

·      And this may not be an isolated incident. Again, this is unverified, but former Facebook staffers have alleged that this kind of behaviour is commonplace amongst marketing and research firms, gaining restricted access but then taking more data than they should.

 

A normal week in Silicon Valley then?

·      On the face of it, yes. I hack you, but you don’t want to admit you’ve been hacked because it will affect your share price, so you send me a cease-and-desist letter and we all go off and sell our spoils and no one, except users, whose only purpose for existing is to create data, is harmed.

·      Another day in the Valley.

·      But the dismay of everyone concerned, because this breach isn’t recent, it took place a couple of years ago and everyone concerned has been doing their best to make sure it didn’t get out, this story isn’t going to go away.

·      This is now getting wrapped up in the FBI probe into election interference, and senior managements figures from both companies have been asked to appear before elected representatives in the parliaments of both the United States and United Kingdom.

·      Especially as some of those same figures have already given testimony under oath that these latest revelations might seem to contradict.

·      I would imagine that might also include requests from several other European countries as well before the end of the week.

·      It’s quite telling senior figures from FB have been keeping a very low profile with no statements on the matter until Wednesday night or Thursday morning, depending on your timezone.

·      I would imagine that during the first part of the week there room somewhere with hundreds of lawyers running through multiple scenarios for how Facebook should respond to this emerging scandal.

 

Are we getting used to these stories and revelations? Do they have any power to shock us anymore?

·      It does seem that media gets more excited than users.

·      Part of that is in our understanding, or lack of understanding, of what data is and can do. Yes, we are becoming jaded.

·      In one of those ironies that is now becoming wearying rather than shocking, you’ve probably clicked on a link on Facebook that takes you to a story about how Facebook, or those who have been granted access to it, have abused their

·      If it doesn’t sound ironic, well, your growing scepticism about facebook’s use of your profile data now forms part of your Facebook profile data.

·      Certainly the markets have spoken, wiping more than $50bn off the value of FB shares this week, which doesn’t really matter tbh, except to FB investors.

·      The real issue is whether it will affect FB’s revenue. And that in turn is linked to how users respond to this growing scandal.

·      I want to talk about some of the more interesting implications of these revelations,  so If you want to know more about the minutiae of the story, two British news sources have been covering this in depth. www.theguardian.com broke the story under its Observer banner and is unravelling a lot of the threads. There’s also some incredible undercover video footage of the senior management of CA caught in a sting by the UK’s Channel 4 News.

·      And, because this is evolving so rapidly, there will no doubt be a lot more information uncovered between the recording of this show on Thursday afternoon its broadcast on Friday morning.

 

So in a sense there are two issues. How companies like Facebook allow third parties to access user profiles and what those third parties can then deduce from that data?

·      Yes, and at this point it’s harder to say which is the juicier story.

·      On the one hand we have issues of trust, particularly as we entrust companies like Facebook to protect our information.

·      And this is a really fine balancing act, let’s not pretend that this is easy,

·      Facebook has to act according to the data privacy laws of each country that it operates in.

·      In some countries Facebook is protecting that data from overreaching governments, in other countries those laws are designed to protect the users from any overreach by Facebook, and lastly, Facebook has to abide by the spirit of those agreements and laws while selling permissible data to third party companies so that it can turn a profit.

·      That is one heck of a cartwheel. And it’s system that’s pretty much guarantees the wheels are going to come off from time to time.

 

Can you throw some light into the ways that advertisers can use Facebooks data? Maybe that’s something a lot of our listeners aren’t aware of.

·      Okay, so I regularly promote these shows through Facebook and Instagram.

·      Beyond putting up posts announcing the shows which, let’s be honest about it, get seen by hardly anyone if I don’t put any money behind it, I put a small amount of money into promoting the shows.

·      One of the reasons I do that is because I Have a great deal of control of the targeting of those ads.

·      So I can make a decent return, in terms of eyeballs and show streams, out of a small amount of money.

·      Even the term ad here can be misleading. This this Isn’t the traditional advertising of an instagram sized Version of a magazine or billboard ad or television commercial.

·      This is me boosting the normal posts I put up about the shows.

·      I can choose Basic criteria such as age range and sex.

·      Very importantly, I can Geo locate. So if I want to, the Post will only be promoted to people within 5 km of this radio station.

·      Of course, I choose a wider range than that because I can just open the window up here in BFM towers and shout to all the people within a 5 km radius.

·      Most importantly, I can start to narrow the profile in terms of people’s preferences.

 

Let’s be clear here. You can’t see actual user data.

·      No. I don’t know who specifically will see the post.

·      I only know what kind of people will see the post, or at least, people with some of the preferences that I’ve defined.

 

And those preferences come from the things we Like?

·      Yes. That’s why I said it’s ironic that being sceptical about Facebook could be used by Facebook to sell to companies that want to market to people who are sceptical about Facebook.

·      And that’s quite a word salad for a Friday morning.

·      And all this is done so easily and effortlessly that I can boost my post from my phone.

·      So if i lift up my phone now Facebook gives me a whole range of demographics, interests and behavioural traits I can select.

·      I can select them according to their interests, activities, any pages that they’ve liked. I can target them according to education and employment details, or according to various criteria relating to their lifestyle and I can also target them according to the way they use certain devices, and information about purchasing history or their likely intent to buy certain products.

·      So if I want I can choose people with PHDs who are active pole vaulters and like badger baiting and knitting.

 

That’s all there on the phone?

·      As I said, I don’t need a big console or any bespoke program. This is all baked into Facebook’s browser and mobile apps.

·      They already have my payment details on file, I indicate my total spend and duration, they give me a rough estimation of how many people I can reach with that budget and how many more I can reach if I increase my spend.

·      I press go and usually within about half an hour Facebook system has auto-reviewed the ad and Will come back with an approval.

·      Once that’s done the ad is a go and I can monitor the effectiveness press much in real time, letting it run or cancelling it and tweaking or rebuilding my target audience as I go.

·      Whole process takes minutes, for the kind of highly targeted and usually very responsive campaign that would not have been remotely possible within the biggest advertising budget a decade ago.

 

Now you know the secrets behind Mattsplained’s amazing advertising success, after the break, we’ll find out what this means for you.

 

BREAK

 

Before the Break we were talking about Cambridge Analytica and the way advertisers and data firms are able to monetise the actions we take online.

 

Why should listeners be concerned about breaches like this?

·      As I mentioned at the top of the show, a lot of people don’t understand how information like this can be used.

·      They see it as a bunch of unconnected Data points. Let’s look at some of the things you might do on Facebook.

·      For example, you may be a member of a neighbourhood group that someone set up to share information about local amenities, security, meet ups and social events.

·      You often comment on posts that your friend share about the latest Netflix shows.

·      You tend to like neighbourhood stores and cafes rather than multinational chains.

·      You rarely show interest in your friend’s posts about world news that you’re always the first to comment on anything linked to the Abuse of children.

·      However much you might want it to be, this is not disconnected information

·      That information tells someone that you’re active in your community, that you prefer to spend your money in that community rather than giving it to large, faceless corporations. You probably take the security of your family a very seriously, you spend a fair bit of time at home watching TV.

·      For political operations like Cambridge analytica, and for marketers, that information is gold dust.

·      You can make a lot of inferences just that small pool of data. You’re probably likely to be middle-class. Educated. A good job in middle management. Have a family. You’re saving for their future.

·      And that gives targeting firms a fairly good idea how to push your buttons.

 

But it’s still anonymous. They don’t know who you are, do they?

·      Let me answer that in two parts.

·      Firstly, there will be a group of people who don’t care Who you are as much as what you are and where you are.

·      Most of us are far less individual than we think. The way artificial intelligence works at the moment largely predicates on that basis.

·      Instead of creating a machine that can think like human, we create machines that think like an aggregate of humans.

·      That might not sound like much, but we can bypass the enormous problems we face in replicating the biological process of our brain and its ruminations, with the statistical likelihood of aggregate outcomes.

·      That kind of approach is very useful to a company who might be trying to influence an election result in a marginal constituency. You may suddenly find your feed full of terrifying sounding video clips and news reports designed to nudge you towards, say, the law and order candidate.

·      Similarly, and I’m certainly not claiming that this was done, if you were someone of a particular ethnic group who might be targeted by that law and order candidate and thus, unlikely to vote for that candidate, your feed may be full of reports of police roadblocks and ID checks, checks you know tend to target your race, and you might make the decision to skip this election cycle.

·      So you fire one group up to vote and suppress the desire to vote in another group.

 

And the second part, presumably this is where they can identify you.

·      Not all the information we generate is as anonymous as we think.

·      We will be talking about this a bit more on our forthcoming show, but bit coin, and other digital currencies, are often a lot less anonymous than people think.

·      In fact they’re not designed to be anonymous, they’re designed to be decentralised which people often conflate.

·      For example, forensic cryptologists can often trace transactions back to an individual in matter of minutes.

·      Why? Because all the transactions are stored in the shared ledger. Those transactions end up in digital wallets that we sign up for using our everyday email address at online exchanges.

·      Reverse engineering data is often easier than it sounds.

·      Medical insurers have gotten into hot water in the past for reverse mining anonymised medical data.

·      Some details tend to stick out, let’s say if you were hiding the fact you had multiple sclerosis in order to get cheaper medical insurance, your behaviour, such as items you might purchase in independent pharmacies or support groups that you belong to.

·      When you take the information from a huge data set it’s almost impossible to identify an individual.

·      When you combine and cross reference those data sets with other databases that operate at a far more granular and local level, then can start matching individual households and names to the medical conditions.

 

How do we keep our data and our profiles safe?

·      Maybe safe isn’t the word but there are quite a lot of things you can do to protect yourself.

·      Firstly, there’s the law.

·      Secondly, is bringing direct pressure on companies like Facebook.

·      Thirdly, there is direct action, and I don’t mean that in a social activism kind of sense, I mean physical steps you can take to muddy the waters are little.

 

The first thing you mentioned is the law. How does that work?

·      One of the things that came out in the sting on Cambridge analytica CEO Alexander Nix was his attitude towards the cluelessness of lawmakers when it comes to this kind of data harvesting.

·      He alluded to being happy to answer their questions because they weren’t asking the right ones. Because they don’t know enough about this current of information to know what are the right questions to ask.

·      And if you don’t know what questions to ask, how can you regulate or legislate an industry?

·      So That would be the first thing, I think. When you elect representatives, or if you’re lucky enough to be part of the process of selecting the candidates to elect to your various legislatures, make sure that they have an understanding of digital commerce and data flows.

·      Secondly, make it very clear when the candidates or your representatives conduct town hall or meet the public type meetings, that you expect them to represent your rights in this area.

·      Find out what the law is, and work out whether you think those laws are adequate, inadequate or overreaching and let your local representatives know.

 

What pressure can we bring to bear on companies like Facebook?

·      Here’s the tricky thing. In order to sort this part out, we have to understand that we’re also partly complicit.

·      That’s not something that people like to hear, because it’s always nicer to have someone else to blame.

·      We are in this situation partly because we decided that we don’t wanna pay for stuff.

·      That means Facebook and Google and Instagram and everybody else the provides the service for us free of charge, has to find some other way of making money.

·      And as none of us like watching adverts, that means all sorts of hoops have to be jumped through to turn us into money.

·      One simple thing we could do is pay for Facebook. Give them a monthly fee.

·      That doesn’t mean they won’t still sell ads give third parties access to the data, but it does strengthen our hand when it comes to telling them what is acceptable and what isn’t when it comes to handling our private information.

·      Right now we are users, we’re the consumers but not the customers.

·      Customers give Facebook cold hard cash.

·      Our power relies on the need of companies like Facebook to keep our eyes on-screen in order to sell the information that we generate to their customers.

·      Strengthen your hand. Cut out the middleman. Be the customer and not the consumer.

 

You mentioned a third route: direct action.

·      There are already little programs you can put on your computer that will make multiple Random searches every minute to search engines like Google.

·      That distorts the profile the Google builds around you.

·      I don’t think you can do the same thing automatically on sites like Facebook, you can certainly do it manually.

·      Randomly liking and unliking celeb profiles and interests.

·      Following links to news stories you have no interest in and leaving the page open. Maybe even clicking around on that site a little more.

·      Just adding layers of distortion that will affect the accuracy of any profile built around you.

·      It might sound small and petty, but if enough people do it will distort those aggregate data pictures.

·      And if those pictures aren’t accurate, then they are of little or no value.

·      When a company like Cambridge analytica comes along, even if it does scoop up all this information, it will either have to come up with another piece of software that tries to compensate for the deliberate distortions in the data sets, or run the risk of selling unsound marketing strategies to their clients.

 

One thing you haven’t suggested is deleting your Facebook profile. 

·      I still believe that the business model is more the cause then the site itself.

·      As much as we might think otherwise, None of needs to be on Facebook, so it is a personal decision.

·      But it’s more of a protest than the solution as far as I can see.

·      There are still plenty of other ways that we get tracked everytime we go online.

·      If you go and  join another social network that you aren’t paying for, you’re inviting exactly the same scenario.

·      So yes, there is a #deleteFacebook campaign doing the rounds at the moment.

·      Of course Facebook’s algorithms don’t particularly favour hashtags and there’s a certain irony to waging this campaign on twitter, which is not without its own issues.

 

Some people think this could be the end for Facebook. Could it?

·      Some people also think that the biting satire of Trevor Noah, Stephen Colbert and Seth Meyers can bring down Donald Trump.

·      It can’t. They’re already preaching to the choir.

·      The same thing applies here.

·      Facebook isn’t just Facebook. Facebook is Instagram. It’s Whatsapp.

·      Facebook is an enormous company with many tentacles. It’s branched out of its core business for very sound financial reasons.

·      Some of those are for diversification, some are to anticipate trends and movements by its users and also to consolidate its market position.

·      The bigger question for me is, how many of its 2 billion users even care about this story?

·      How many of them are using languages that this story will be reported in?

·      As I said, Zuckerberg will probably be more concerned about the effect of this on revenue than on share price in the short term.

·      He has always sought to be in control of the company, and even after its IPO controls a majority of its voting shares.

·      Remove him as CEO or even from the board and he still effectively controls the company.

·      The only thing that is going to bring Facebook down is technology.

·      When we make that next technological leap, Will Facebook be agile enough to switch or follow or will it go the way of friendster, MySpace, eBay, Flickr and all these others who are all at one end or another of the adapt or die tunnel.

·      Despite the ubiquity of Facebook and Google today, in my view, it seems quite likely that Amazon Will emerge as the champion of the Next Generation of the Internet.

·      With an octopus like retail and distribution system that can handle everything from fresh food to roofing materials, an enormous chunk of the service market that powers all of our cloud-based apps and the class leading voice activated operating system in the shape of Alexa, for which there is already a dizzying array of cheap hardware peripherals baking Alexa into their core, my money is on Amazon replacing all of them in the very near future.

 

You don’t see any easy solutions?

·      This isn’t black and white.

·      Of course, it would seem that Facebook needs far more robust systems in place to stop its Partners and customers from violating its terms and conditions, as Mark Zuckerberg has admitted.

·      Goes back to something that I’ve been saying for quite a long time.

·      If you have data online, the safest thing is to assume that it is compromised.

·      When you post something to a social network, assume the whole world is watching and ask yourself, do you want the whole world to see or hear this?

·      It may sound paranoid, but that’s your best protection, to assume that you have no protection.

·      No system is hack proof. In the CA case, illegitimate information may have been obtained through legitimate means, but we’ve seen in repeated hacks over the last few years, whether it’s from our ISPs, our banks, the companies we contract services from, that even the most robust systems can be compromised.

·      Maybe you’re one of the gullible people who responds to direct phishing and email scams. I’ve known a few people who’ve been caught in online honey traps.

·      The point is: if your information is online, someone can find it.

·      And by online, I mean all those photos sitting on your phone that you think are private.

·      They aren’t. It’s just that nobody has bothered to hack you. Yet. You might be one of the lucky tens of millions who never get hacked: or you may get hacked tomorrow or next week or next year.

·      However much protection we have from laws or companies, No one will do this for you. Protecting yourself starts with you. Unfortunately, it doesn’t end there.

 

Matt Armitage