A breach by any other name, as Facebook learned over the weekend, is still a breach.
After a pair of bombshell reports in The New York Times and The Observer, which revealed that Cambridge Analytica — a data firm working for Donald Trump’s campaign — harvested the private information from 50 million users without their consent, Facebook has scrambled for a response.
However, instead of admitting its mistakes — to say nothing of appreciating the magnitude of the information leak, given the questions still swirling about Russia’s manipulation of the platform — Facebook appears as if it’s doubling down on its supposed innocence in the entire affair, and targeting those who revealed the information in the first place.
After Friday’s announcement that it had suspended Cambridge Analytica from the platform, Facebook issued an update on Saturday morning pushing back against claims that the release of the information had been a “breach.”
Despite the fact that tens of millions of Facebook users had seen their information slip into the hands of a firm working for Trump’s campaign — information shared, again, without their consent — Facebook’s Vice President and Deputy General Counsel Paul Grewal issued a statement saying that the “claim that this is a data breach is completely false.”
Grewal defended Facebook’s position, saying that the academic who had initially gathered the information from users, Aleksandr Kogan, had only targeted users who “knowingly provided their information,” and that “everyone involved gave their consent.”
A few hours later, Facebook’s Chief Security Officer Alex Stamos added on Twitter that it “is incorrect to call this a ‘breach’ under any reasonable definition of the term.” Kogan, wrote Stamos, “did not break into any systems, bypass any technical controls, or use a flaw in our software” to gather the data later used by Cambridge Analytica. Rather, according to Stamos, Kogan used Facebook exactly as it was designed — and only later broke his agreement with Facebook in passing the accumulated data on. As Recode wrote, “Facebook contends that its technology worked exactly how Facebook built it to work.”
Stamos, Grewal, and Facebook may technically be right in that the revelations don’t constitute a “breach,” at least as the term is traditionally understood. But when it comes to the unethical, and nonconsensual, use of 50 million users’ data, Facebook’s response appears little more than semantics, especially given that the data breach was first reported two years ago.
Facebook's defense that Cambridge Analytica harvesting of FB user data from millions is not technically a "breach" is a more profound & damning statement of what's wrong with Facebook's business model than a "breach".
— zeynep tufekci (@zeynep) March 17, 2018
Just a reminder: this is where you can check which apps have access to your Facebook data, or which sites you’ve logged in to. https://t.co/zlxRx3EGOj
— Anil Dash (@anildash) March 17, 2018
Indeed, it appears that Stamos realized that Facebook’s decision to dance around the magnitude of the issue was only making matters worse. Stamos quickly deleted the tweets, saying that he “should have done a better job weighing in.”
— april glaser (@aprilaser) March 17, 2018
I have deleted my Tweets on Cambridge Analytica, not because they were factually incorrect but because I should have done a better job weighing in.
— Alex Stamos (@alexstamos) March 17, 2018
But Facebook’s response to the reports haven’t been limited to wordplay. According to Observer journalist Carole Cadwalladr, who helped break the story, Facebook threatened to sue her and her publication for their reportage.
— Carole Cadwalladr (@carolecadwalla) March 17, 2018
Likewise, Facebook has suspended the account of Christopher Wylie, the whistleblower who revealed the details of the breach, as well as the role Steve Bannon played in utilizing the information.
— Christopher Wylie (@chrisinsilico) March 18, 2018
However, Facebook’s legal threats, de-platforming, and attempts at wordplay are only one piece of a burst of problems facing the company. Both federal and state-level officials are suddenly making noise about investigating both Facebook and Cambridge Analytica, including having Facebook CEO Mark Zuckerberg testify in Washington — a move he has so far been able to avoid.
Likewise, in Britain, the Guardian reported that the head of a parliamentary committee tasked with investigating fake news believes both Facebook and Cambridge Analytica misled British officials on both their relationship and access to data.
The revelations also open up a raft of new questions about the presidential election, the Brexit referendum, and the relationship the Trump campaign maintained with Cambridge Analytica. Not only did Cambridge Analytica — currently under investigation from Special Counsel Robert Mueller — receive millions of dollars in funding from Bannon’s patron, Robert Mercer, but Trump’s former National Security Adviser Michael Flynn also advised the firm. Cambridge Analytica founder Alexander Nix even contacted Julian Assange about accessing emails stolen from the Hillary Clinton campaign.
For now though, it’s Facebook that faces the brunt of the pressure, coming on the heels of months of questions about its non-response to Russia’s interference operations on the platform. Those questions persist, given that Facebook still, more than six months later, has not released a comprehensive list of fake Russian accounts and pages.
Whatever term Facebook wants to use, tens of millions of its users saw their information unwittingly passed along to a team working for the Trump campaign. It may technically not be a breach, sure, but it’s an information-gathering operation of unprecedented proportion, almost entirely among millions who had no idea it was going on.