Every day brings new revelations about the protection of personal data and the nefarious uses to which it can be put. The most recent scandal involves Facebook and the way it manages third-party access to user information. Current protocols and regulations are not doing the job. Ordinary users — individuals whose most intimate details are being traded and exploited — must register their discontent if change is to come. Absent a radical shift in thinking among consumers, that is unlikely.
Facebook is facing intense scrutiny in the wake of charges that Cambridge Analytica (CA), a data-mining firm that puts its skills to work on behalf of political campaigns, violated Facebook rules by taking personal data from the social media site’s users and the company did nothing about it. In 2013, a Cambridge University researcher developed a personality quiz app that required users to grant access to their personal data, information that included friends and “likes.” While “just” 270,000 users downloaded and used the app, it estimated that each Facebook user has about 200 friends, meaning that the researcher had access to more than 50 million people.
The researcher provided the data to CA, which used it to create detailed profiles of users and target them in the 2016 presidential campaign in the United States. (The Trump campaign has said that it did not use data from CA; Special Counsel Robert Mueller is investigating the claim.) Provision of the data to a third party violated Facebook’s rules and Facebook says that it conducts “a robust review” to ensure that apps have a legitimate need to obtain users’ data. The company also says that it discovered the transfer in 2015 and demanded that CA delete the data, and received assurances that it had done so. A whistleblower has claimed that Facebook knew otherwise and did nothing to either stop the violations or protect the data of its users.
The data diversion is worrisome; the uses to which it was put are even more troubling. This week, Channel 4 News in Britain showed a series of videos detailing meetings with CA executives and they are gruesome. In one, Mark Turnbull, the managing director of CA Political Global, admits that his company aims to “drop the bucket further down the well than anybody else, to understand what are those really deep-seated underlying fears, concerns.” He added that “it’s no good fighting an election campaign on the facts because actually it’s all about emotion.” In other words, the data that CA mined from Facebook is being used for profiling and manipulation. It is a troubling admission about the state of campaigning, and the ways that personal information can be weaponized in the pursuit of political objectives.
It is tempting for Japanese to dismiss such practices as distant concerns. Japanese politics is much more personal, and the campaign advisers and the techniques they have exported to other countries do not seem to be much valued in Japan. That thinking is too complacent.
Facebook has around 30 million users in Japan, a number that has been steadily increasing. There were 27.34 million users in 2015 and the total is expected to reach 30.84 million in 2022, or around one-quarter of the population. The most popular messaging app in Japan is Line, which had over 50 million users in the first quarter of 2017. The spread of digital platforms facilitates the dissemination of highly targeted news and information. Polling shows that this year, the number of people getting news from electronic sources — smartphones and computers — surpassed the number of people getting their news from newspapers for the first time since 2008. This is the technological prerequisite for manipulation that firms like CA appear to celebrate.
The second problem — the security and integrity of user information — is one that Japan knows well. In 2016, cyberattacks were responsible for 12.6 million cases involving the leak of personal information, or about 10 percent of the population. Targets ranged from automobile manufacturers to travel agencies, and included airlines, cosmetics makers and online service providers. As companies are not legally required to report a data breach incident to the authorities or to notify relevant data subjects, the number could be higher.
Regulators in Britain and the U.S. have demanded that Facebook turn over its records and they want top executives to explain the company’s policies and behavior. Thus far, such efforts have had little impact. Facebook — like every other company — needs information about its users to make money. Precision targeting of messages — whether for commercial purposes or for a political campaign — demands data. In other words, companies use individuals’ information to profit. One of the most important issues of the digital economy is ownership of that information: Only when individuals assert their right to that data will the abuses stop.