Cyber Security and Emerging Threats McCartney Lee

Surveillance Capitalism, Cambridge Analytica, and Data Security

According to Harvard Business School professor Shoshana Zuboff, surveillance capitalism exists as a new and dangerous form of capital accumulation. Through our online world, our data is being used for financial and political gain in numerous ways. Internet based corporations like Facebook and Google are capable of collecting our online data and aggregating it in ways that someone may find advantageous. This data is analyzed, compared and predicted, and is passed on to organizations seeking to influence our consumer and political behaviors. Many argue that this acts as a form of dispossession. Online users often don’t knowingly consent to having their data harvested, and are even more oblivious as to how these organizations can shape our attitudes, perceptions, and desires.

Up until now, very few have questioned this status quo. Corporations have been harvesting online data from Facebook users for years. However, with the unveiling of the Cambridge Analytica (CA) scandal, in which at least 50 million Facebook users experienced non-consensual data harvesting, this conversation is getting some much-needed attention.

The Cambridge Analytica Scandal: What You Need to Know (So Far)

Christopher Wylie, a Canadian citizen and former CA employee, recently revealed to The Guardian how Robert Mercer’s Cambridge Analytica used unauthorized personal information to build a program that could profile voters in order to target them through political advertising. Meeting Steve Bannon in 2013, Wylie was recruited by the Breitbart editor-in-chief under the mutual belief that “politics was downstream from culture,” and to “change politics, you need to change culture.” This resulted in a partnership based on the innovative idea that political behaviour could be shaped through consumer attitudes and perceptions. Wylie describes how CA would exploit “Facebook to harvest millions of people’s profiles. [Building] models to exploit what we knew about them.” According to CA’s website, the company was able to identify the most persuadable voters and the issues they cared about through data analysis. CA would then send “targeted messages to them at key times in order to move them to action.” Appearing before congress on May 16th, Wylie went further to describe how CA under Bannon engaged in voter suppression efforts. Particularly focusing on the African-American community, CA would send out targeted advertising reminding voters of Clinton’s reference to African-American youth as “super predators” in 1996. Funded by Robert Mercer, further speculation exists that CA actually subsidized costs to the Trump campaign for these voter suppression tactics, under the guise of a “campaign contribution” from the Mercer family. Facebook knew about these data breaches as early as 2015, but failed to alert consumers and take steps to secure the profiles of their users.

By all accounts, getting access to this data was far too easy for CA. Sandy Parakilas, the previous Platform Operations Manager at Facebook, had warned Zuckerberg about the potential for a breach during his term of employment from 2011 to 2012. However, his pleas for stricter privacy regulations fell on deaf ears, with Facebook executives believing that the company would be in a stronger legal position if it feigned ignorance regarding the data harvesting. This enabled Aleksander Kogan’s app to obtain information from some 300’000 users who downloaded its contents and consented to data sharing. Using something called a “Friends Permission Feature,” these 300’000 users consented to giving the app access to the personal data of all of their online friends, resulting in the data-sharing going from 300’000 to some 50 million overnight. Kogan then shared this information with CA, which was able to aggregate this data in order to profile voters and engage in widespread-targeted political advertising in favour of the Trump campaign. Parikalis estimates that the “majority of Facebook users” have had their private information harvested through applications. Because approximately 11 percent of Third Party app developers utilize the Friends Permission Feature, tens of thousand of apps have systematically culled the information of hundreds of millions of users, using this data for commercial, political and other unknown purposes.

Data Harvesting: A Much Bigger Problem

During his highly publicized trip to Washington, Zuckerberg seemed to express a sincere commitment to tightening up privacy regulations so that this type of breach won’t easily occur in the future. However, what he failed to acknowledge was how this issue is bigger than just CA. The scope of the problem is much larger than one company harvesting user data. Thousands of Third Party Apps are able to cull data under Facebook’s current privacy regulations, and the company is currently investigating over 200 apps that have been known to harvest data without consent for commercial and political purposes. If the majority of users have had their digital exhaust harvested, then surely the damage has already been done, and only through comprehensive legislative reform will app developers be restricted from this type of activity in the future.

The unveiling of Canada’s Bill C-59, which would allow the Communications Security Establishment (CSE) to collect publicly available information in order to engage in both “active and defensive” cyber security, is a major legislative step towards restricting this type of online activity in the future. Further, John McCain’s sponsorship of the “Honest Ads Act” would ensure that foreign governments could not purchase online political advertisements targeting American’s, requiring online platforms to disclose how certain ads are targeted as well as how much they cost. Before these measures can be implemented in North America, we need to engage in a serious public debate regarding whether these strategies are proportionate for intelligence agencies, and whether we are willing to give our governments greater power and control in exchange for visions of security and privacy.

Cambridge Analytica Protest Parliament Square (2018), by Jwslubbock via Wikimedia Commons. Licensed under CC BY-SA 4.0.

Disclaimer: Any views or opinions expressed in articles are solely those of the
authors and do not necessarily represent the views of the NATO Association of

McCartney Lee
McCartney Lee is a Program Editor for the NATO Association of Canada with a focus on the Canadian Armed Forces. In 2018, McCartney completed his Honours Bachelor of Arts degree in Global Development and Political Studies at Queen’s University, where his primary academic interests focused on international relations, Canadian/American politics, development theory, and political economics. During his studies, McCartney had the opportunity to spend 8-months abroad in Ghana, where he worked as a Project Development intern for a local NGO. Working at the Centre for Active Learning and Integrated Development (CALID), McCartney was responsible for coordinating fundraising events, drafting grant proposals and assisting with the implementation of organizational projects.