Don’t blame Cambridge for Facebook’s privacy crisis

Mark Zuckerberg tried to blame Cambridge University in his recent testimony before the US Senate, saying “We do need to understand whether there was something bad going on in Cambridge University overall, that will require a stronger action from us.”

The New Scientist invited me to write a rebuttal piece, and here it is.

Dr Kogan tried to get approval to use the data his company had collected from Facebook users in academic research. The psychology ethics committee refused permission, and when he appealed to the University Ethics Committee (declaration: I’m a member) this refusal was upheld. Although he’d got consent from the people who ran his app, the same could not be said of their Facebook “friends” from whom most of the data were collected.

The deceptive behaviour here has been by Facebook, which creates the illusion of privacy in order to get its users to share more data. There has been a lot of work on the economics and psychology of privacy over the past decade and we now understand the dynamics of advertising markets better than we used to.

One big question is the “privacy paradox”. Why do people say they care about privacy, yet behave otherwise? Part of the answer is about context; and part of it is about learning. Over time, more and more people are starting to pay attention to online privacy settings, despite attempts by Facebook and other online advertising firms to keep changing privacy settings to confuse people.

With luck, the Facebook scandal will be a “flashbulb moment” that will drive lots more people to start caring about their privacy online. It will certainly provide interesting new data to privacy researchers.

6 thoughts on “Don’t blame Cambridge for Facebook’s privacy crisis

  1. Last year, I wrote the following paper about the possibility of harvesting personal data from Facebook using phone number and reported this issue to Facebook.

    However, Facebook answered that privacy settings can be effectively used to protect user data from our enumeration attack. Unfortunately, they didn’t fix it.

    I believe that Facebook should carefully listen to such voices to fix their problems.

  2. I think the recent Facebook Cambrige Analytica debacle has prompted a huge chunk people to resolve the privacy paradox one way or another. A whopping 10% of Americans have deleted facebook since the debacle started; the number may be even higher for the Netherlands.


  3. The Guardian now has an article written up from the papers of the research ethics committee, quoting members’ comments but with our names redacted. Perhaps the stylometry security folks might guess which comments were mine…

  4. Imho your title is plain wrong.

    No doubt that unaware people are the main problem, but Cambridge _and_ Facebook must be blamed because they shamelessly capitalize(d) on it.

Leave a Reply

Your email address will not be published. Required fields are marked *