Yesterday the Observer got what appeared to be one hell of a scoop: Carole Cadwalladr revealed a whistleblower from inside controversial firm Cambridge Analytica, the company that it is claimed by some was at the heart of Trump’s success in the 2016 American election. 28 year old Christopher Wylie was revealed to have been one of the brains behind the firm’s micro-targeting and data collection technologies, which he referred to as “Steve Bannon’s psychological warfare mindfuck tool”.
The firm has also been linked to Brexit, having previously worked with one of the Leave campaigns.
On the surface, this appears to be an enormous story: it could explain why the Trump and Leave campaigns were so effective in their digital campaigns. Though digging deeper and some commentators are sceptical of the claims made by both Cambridge Analytic and Cadwalladr’s reporting.
Unfortunately, I don’t have an entirely coherent, unified take on all of this — other than to say that it is absolutely bloody fascinating — but I do have four micro-takes on what is being reported, which I think are important for understanding the story going forward.
This Was Not a Data Breach
With a story as technical as this there is a challenge: How to communicate that to the general reader? Unfortunately, this is where much of the coverage has struggled - albeit for understandable reasons.
— Neil Henderson (@hendopolis) March 17, 2018
The framing of the story on the front page of the Observer, for example, referred to the data collected by CA as a “data breach” - though this isn’t quite true. “Data breach” implies something illicit happened, such as that Facebook users’ data was hacked, perhaps like the big Equifax breach a few months ago.
As it turns out though, the way CA acquired the data was entirely above board. As Jay Pinho points out, the company was able to harvest the data using the Facebook API - or Application Programming Interface - which allows third party developers, such as the makers of all of those stupid quizzes, to take data from your Facebook account to tell you which Disney Princess you’re most like - or in CA’s case, what your psychological profile is.
And though only around 270,000 users took CA’s quiz, the way the API used to work was that taking the quiz would also expose data on a Facebook user’s friends, so that data could be downloaded too. Interestingly too, it appears that this happened in 2013 or early 2014, before Facebook changed the rules on what its API gives access to. Now the same stupid quizzes and the like can only access much less data. But that doesn’t matter, because CA could have already acquired the data on a hell of a lot of people.
In any case, this isn’t really a “data breach”. Of course, there could be different issues - such as around data storage, or consent over how data is used or stored by CA (or even FB). And that is going to be an important question for the lawyers who all sides are presumably currently activating. But for now the most important point is this: This wasn’t a hack, despite what the headlines suggest.
And if you’re wondering why the Observer and others are referring to it as a data breach, with all of the baggage it implies… then how would you sum up the above in a headline? Exactly, it is hard.
Whether “New” Technology or Not, it is Definitely a Big Story
Another critique of the story is the hipster one: what Cambridge Analytica does isn’t unique. It doesn’t have secret, magical powers to manipulate or acquire data. In fact, it is doing the same thing as countless other marketing and PR firms. This is how advertising works now in the 21st century.
And yes, this is true - and people close to the industry and the nerds probably know this. But not everyone knows this. Leaving aside the shadowy, conspiracy stuff linked the people and campaigns who Cambridge Analytica has worked with, it is still newsworthy.
Remember the Panama Papers, in which thousands of documents exposed hundreds of super-rich people tax avoiding and doing complex financial chicanery that most of us don’t understand? Arguably, this is pretty similar: though these sorts of schemes had been exposed in the past, the disclosures painted a broader picture about how the modern financial system works. In the same sense, even if Cambridge Analytica is just doing the same thing as many others, this story still shines a light on these data-analysis and marketing techniques that the general public was perhaps largely unaware of.
Another, more controversial, analogy would perhaps be to the President’s Club: you remember, that was the posh fundraiser, in which the female “hostesses” were subject to constant harassment from creepy rich men. In that case, the event was hardly unique - misogyny is baked into our culture, and there are presumably countless events like it. Yet it was still worth exposing to shine a light on what is going on.
So even if Wylie’s leaks and disclosures don’t provide the smoking gun that links Trump to Putin - or whatever else we may hope it leads to, the story is still an important.
Regulating and Handing Power to Government is Also Not Without Problems
Today’s Daily Telegraph leads with the story: “End of the Wild West for Tech Firms”, and talks about how digital minister Matt Hancock is now talking about how social media firms like Facebook should be regulated.
— Neil Henderson (@hendopolis) March 18, 2018
Over the past few months, even before these disclosures, the zeitgeist is definitely shifting further towards how government should take a more hands-on approach to regulating these companies.
And to a large extent, I think that they’re right. Facebook, as well as Google, Amazon and Apple - and a handful of other massive firms, control enormous swathes of our lives. Though the internet is an “open” system, the truth is that these handful of firms dominate so much they are effectively an oligopoly: It is more or less impossible to avoid these firms if you are an internet user.
So it is right that these companies be subject to greater scrutiny. The only problem is that the alternative isn’t particularly great too.
Given how deeply embedded technology is in our lives, given that all of our devices have cameras and microphones, given that Facebook is the public square now we all live online, given that Google’s search algorithm decides whether a company or an idea can sink or swim… how much control do we really want to hand the government over this?
This is actually a much easier point to make than what I was banging on about it back in 2014 before the world went crazy: do you really want to hand Donald Trump more powers to control the information we get? What about the more crazy Brexiteers, or Jeremy Corbyn, depending on which way you are politically inclined?
One of the most important things we need to do when designing governmental institutions is considering what would happen if an authoritarian or a demagogue got their hands on the levers of power. It’s the reason why I’ve previously sided on the Edward Snowden side of the debate and argued that governments shouldn’t be granted enormous, draconian surveillance powers.
So while Facebook’s massive database on all of us may make a natural case for regulation - we also need to think carefully about how much power to give governments too. Balancing these two centres of power is going to be the big, impossible question of our current era.
How The Hell is Society Going to Have an Informed Debate on This?
So above I’ve sketched out some of the contours of debate sparked or enriched by the Cambridge Analytica story. But here’s the really awkward thing, which I’m not sure how we should handle: we’re stunningly, woefully under-equipped to have a political debate about this.
Jeff Hammerbacher, a former Facebook data scientist once said, “The best minds of my generation are thinking about how to make people click ads”, and he’s right.
The CA story is hugely technical. To have an informed opinion on it you need to understand how APIs work, how adtech works, how data is stored, how databases work, maybe a bit about how neural networks analyse data. You need to understand the fundamental building blocks of the internet.
And you don’t need me to point out that most of us - including myself - lack the computer science skills necessary to understand this. Our politicians are even worse. Even Amber Rudd, who is nowhere close to being on of Parliament’s oldest farts doesn’t understand how encryption works. So how are all of the even older politicians supposed to cope? In the 2015 Parliament there were only 26 (out of 615) MPs who studied a science degree (I can’t find figures for after last year’s election but I’m willing to bet it is similar).
How can we hope that these people will be able to grasp the concepts necessarily to sensibly respond to Cambridge Analytica and stories like it?
I don’t think this is like other highly technical areas too - like Climate Change or building a particle accelerator, where we can’t rely on the assumption that (most) MPs will listen to experts either: This debate raises fundamental questions about the role of government, our rights and our civil liberties in a way that can’t be siloed.
So regardless of how the CA story turns out, I’m not sure we’re fully equipped as a society to deal with the aftermath.
James O'Malley is the Interim Editor of Gizmodo UK and tweets as @Psythor.