Cambridge Analytica, the data analytics firm that helped Donald Trump get elected president, amassed Facebook user data for some 50 million people without ever getting their permission, according to a report from The New York Times.
Facebook claims that it wasn’t breached, and that while it has suspended Cambridge Analytica from its service, the social giant says it is not at fault. Facebook contends that its technology worked exactly how Facebook built it to work, but that bad actors, like Cambridge Analytica, violated the company’s terms of service.
On the other hand, Facebook has since changed those terms of service to cut down on information third parties can collect, essentially admitting that its prior terms weren’t very good.
Facebook offers a number of technology tools for software developers, and one of the most popular is Facebook Login, which lets people simply log in to a website or app using their Facebook account instead of creating new credentials. People use it because it’s easy—usually one or two taps—and eliminates the need for people to remember a bunch of unique username and password combinations.
When people use Facebook Login, though, they grant the app’s developer a range of information from their Facebook profile—things like their name, location, email, or friends list.
This is what happened in 2015, when a Cambridge University professor named Dr. Aleksandr Kogan created an app called “thisisyourdigitallife” that utilized Facebook’s login feature. Some 270,000 people used Facebook Login to create accounts, and thus opted in to share personal profile data with Kogan.
The Times found that Cambridge Analytica’s data for “roughly 30 million [people] contained enough information, including places of residence, that the company could match users to other records and build psychographic profiles.”
This all happened just as Facebook intended for it to happen. All of this data collection followed the company’s rules and guidelines.
Facebook is not alone in this world of data sharing. The major mobile platforms, like iOS and Android, allow developers to collect people’s contact lists with permission. Twitter has a login feature similar to Facebook Login, and so do Google and LinkedIn.