Facebook, Cambridge Analytica, & Our Digital Dysfunction

In late November of 2011, one of the hottest-trending, internet-related topics was the campaign to stop the SOPA/PIPA bills. In early/mid 2017, the noisiest issue was “net neutrality,” as FCC Chairman Pai made good on his promise to reverse the 2015 Open Internet Order. In both cases, the public was served volumes of emotional hyperbole, created by vested interests, used to sell variations on the theme that democracy itself was under attack. Meanwhile, our democracy was under attack, just not in a way that anybody seemed to care about very much in contrast to issues that, ironically enough, only exacerbated the underlying problem.

At roughly the same time that “digital rights” organizations—EFF, Fight for the Future, Public Knowledge, et al—began amping up the anti-SOPA rhetoric, convincing Americans that Hollywood was determined to “break the internet and stifle free speech,” Facebook was signing a consent decree with the Federal Trade Commission after the agency charged the company with deceiving “consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”

As Wall Street eagerly anticipated the platform’s IPO, Facebook entered into the FTC agreement, which barred the company from certain privacy-breaching conduct and mandated a 20-year regime of third-party, privacy audits for compliance. But last weekend, The Guardian revealed whistleblower Christopher Wylie, a former Cambridge Analytica employee, who says he helped build a “propaganda machine” based on the data of at least 50-million American Facebook users. In response, the FTC is now investigating whether the social media platform violated that 2011 consent decree. If so, the penalty—on paper anyway—would be $40,000 times 50 million.

While nobody expects a two-trillion-dollar fine at the end of this process, the social media giant has a lot of explaining to do, and Senator’s Amy Klobuchar (D-MN) and John Kennedy (R-LA) have called for Mark Zuckerberg to personally testify before Congress. It’s going to be tense for whoever takes that seat, just based on the testimony of former Facebook operations manager Sandy Parakilas, who has spoken to The Guardian, NPR, and others. He describes an internal policy of Facebook executives choosing to not know how their data is used after being shared with developers. Parakilas even alleges the rationale that “Facebook [believed] it was in a stronger legal position if it didn’t know about the abuse that was happening.”

That’s a familiar refrain for anyone who’s been banging a head against this bulwark excuse for everything from copyright infringement to sex-trafficking—the holy trinity of internet platform defenses: We didn’t know. We can’t know. We shouldn’t know. Unfortunately for Facebook and other major platforms, what Parakilas alleges in the press is called willful blindness, which is the legal equivalent of knowing exactly what’s going on while pretending you don’t.

It is at least encouraging that the conversation is finally changing. Less than two years ago, it was tough to get much attention for a post describing how a statutory liability shield like Section 230 mutated into a presumed blanket immunity from responsibility for everything that happens on a platform. This morning, that exact narrative was a lead story on NPR in which Alina Selyukh steps listeners through the narrative, from the rationale for the statute in 1996, right up to the only amendment to the law (FOSTA), proposed in response to its misapplication as “a teflon shield” immunizing Backpage for its alleged role in promoting child sex-trafficking.

During the five years between the Facebook/FTC consent agreement and the election of 2016, the narrative persisted that an “open” internet was inherently a democracy-sustaining internet. The problem was that what “open” really meant to the major platform companies was permission to do pretty much whatever the hell they wanted. And they did.

The reason I bracketed the start of this post with the anti-SOPA campaign and the “net neturality” kerfuffle is to make the point that when it comes to cyber policy, we have consistently been instructed by the industry itself to look at the wrong issues. For instance, SOPA would have had zero negative effect on speech; and the “net neutrality” issue was entirely irrelevant to the Cambridge Analytica story, which represents a very real, cyber-age threat to the health of the Republic. If anything, these revelations demonstrate why the FTC’s authority over edge providers like Facebook and Google is far more urgent than the matter of placing ISPs under the regulatory framework of the FCC.

I’ve been strident, to say the least, in denouncing organizations like the Electronic Frontier Foundation for presuming to rally the free speech right in defense of an almost-universal, zero-liability policy for internet companies. Off the top of my head, the internet would be destroyed and speech chilled, according to EFF and friends, if …we had passed SOPA/PIPA or ratified the TPP; if we allowed internet companies to take voluntary action to stop various crimes and abuses; if we allow Backpage to face litigation or pass FOSTA; if the 2015 FCC OIO is reversed; if copyrights are ever enforced by anybody for any reason; or if we should, heaven forbid, rethink the ultra-libertarian, disrupt-culture bullshit that led anyone to believe that social media was fundamentally good for American democracy in the first place!

We’ve been swallowing a lot of nonsense about the internet for a long time, and I like to think of this period as our peyote ritual—a time to finally vomit up all these demons before we can even attempt sober consideration of what, if any, mitigating action we take next. As Taylor Lorenz describes for The Daily Beast, simply leaving Facebook isn’t so easy (unless we all bail at the same time, I guess), and there should be no reason to abandon the positive attributes—namely, legit social connection—that draw us to these sites in the first place. It’s just that we have to reconcile the fact that the reasons we’re there for ourselves are not the same reasons the platform owners wanted us there. Coming to terms with that disconnect is probably where the next iteration of cyber-policy—whether statutory or voluntary—should probably begin.

Enjoy this blog? Please spread the word :)