Gary Hibberd

20190801

‘It began with a dream of a connected world: matchmaker, fact checker, guardian of our memories…but no one bothered to read the terms and conditions.’  These are the words spoken at the start of The Great Hack by Associate Professor at Parsons University, David Carroll, the man who legally challenged Cambridge Analytica in the UK courts to recapture his 2016 voter profile using European data protection law.

If you’re not sure what this is, then allow me to start at the beginning.

A long long time ago, in a digital universe not so far away…

In 2013, data mining organisation Cambridge Analytica (CA), created an app called ‘ThisIsYourDigitalLife’ which prompted Facebook users to answer questions for a psychological profile.  It is understood now that almost 300,000 users were paid to take the psychological test. The app then harvested their personal data and gathered data from their Facebook friends. This reportedly resulted in CA collecting data from millions of Facebook profiles.

Unfortunately for Facebook, whilst they changed their rules in 2014 on what third-parties could do with data they had harvested, they didn’t enforce this retrospectively. Therefore CA were left in the enviable position of having millions of data points on us humans that could be used for… whatever they wanted to use it for.

Fast-forward a couple of years and CA were helping a number of political causes, including campaigns for Ted Cruz, Donald Trump, and the UK referendum on leaving the EU (aka Brexit).

CA had demonstrated that they could influence how people responded to messages and news feeds, and could directly target key groups, and influence political opinions (eg. pro-Clinton supporters could be shown pro-Trump and negative Clinton stories on their timelines.

In short, CA were not just influencing us. They were manipulating us.

This all came to a head in March 2018 when whistle-blower, Chris Wylie, reported these goings-on to the press.  And that is where we will return to Netflix’s The Great Hack to pick up the story.

The Great Hack

If you’ve not seen the show, allow me to summarise it for you. It’s very interesting and very well researched (although most of the research was taken from news reports and information already in the public domain).

The documentary goes into great detail about how Facebook operates and even greater detail on the rise of Donald Trump and the Brexit campaign in the UK.

All the facts are laid to bare, and relayed in a manner which makes for a good 2-hour-plus movie, with moviesque voice overs, camera pans and gripping music. If you’re interested in the story you’ll find the whole thing thrilling, even if we do know the outcome. But even though we know how the story ends, are we listening to the moral of the story?

Emotional contagion

The story of CA and Facebook has much to teach us, if we’re willing to look beyond the headlines.  Most importantly it demonstrates how easy we can be manipulated to believe what someone else wants us to believe.  Many of us now get our information and news not from traditional news vendors (TV, newspapers etc.), but from social media.  It’s this very reason that Facebook and others are beseeching us to ‘fact check’ before sharing something, and they have even introduced ‘Fact checkers’ who scour the platform for misinformation..

How we see the world can be directly affected by what we see on our ‘social media timelines.  This has been proven in the CA/Facebook case, and even before this when Facebook carried out their own psychological tests -without OUR permission!  

They demonstrated that emotions can be spread – like a virus – over social media. Facebook can make people feel happy, sad, scared or excited simply by feeding us more (or less) of key information.  This is known as ‘emotional contagion’: the phenomenon of having one person’s emotions and related behaviours directly trigger similar emotions and behaviours in other people.

So the question for us to consider is: given that we can be so easily manipulated, can we ever trust what we see online? Will there ever be a truly democratic vote/election ever again?

Of course this is nothing new. Propaganda and ‘fake news’ have been used for generations, even in WWII when six billion leaflets were dropped over occupied lands claiming the war was over.  But this propaganda action was obvious and clearly evident compared with the insidious nature of the manipulation of our thoughts and emotions that social media can achieve.

Conclusion

There is so much more to the CA/Facebook story we can and should explore, but for now it is important for us to ask ourselves some very important questions:

  •  Should we believe everything we see on the screen (“In screen we trust.”?)
  •  Who am I sharing my data with?
  •  Should I share all my deepest thoughts, fears, likes and dislikes on social media?
  •  Where does my data go?
  •  How much of my cyber-self is betraying my real-self?

You may be left wondering what all of this has to do with data protection and cybersecurity in business. We would urge you to consider that the people who don’t care or understand about their own privacy online, are unlikely to care too much about your customers or clients either. So when we hear that over ninety percent of data breaches are caused by human error, we shouldn’t be too surprised.

We can’t be surprised by these facts, because we’re not thinking deeply enough, at the individual level. We have an individual and a collective responsibility towards data protection and cybersecurity if we’re going to prevent being so easily manipulated in the future.

The Great Hack ended with Facebook and the senate hearing with Mr Zuckerberg in the hotseat. But this shouldn’t be where the story ends. It’s where the story begins.

Other resources

Case studies

Our cyber consulting team works with clients from public sector bodies and global businesses to SMEs and start-ups. Read our success stories here. Learn more >

Video

See what our team have been discussing around current issues in regulation and data security, and recommended processes and policies that will benefit your business. Learn more >

Whitepapers

In our collection of whitepapers, Cyberfort’s cyber consulting experts explore issues from cyber threat intelligence to incident planning and data security. Read our whitepapers to help make informed decisions for the benefit of your business.Learn more >