Reason.com - Free Minds and Free Markets
Reason logo Reason logo
  • Latest
  • Magazine
    • Current Issue
    • Archives
    • Subscribe
    • Crossword
  • Video
  • Podcasts
    • All Shows
    • The Reason Roundtable
    • The Reason Interview With Nick Gillespie
    • The Soho Forum Debates
    • Just Asking Questions
    • The Best of Reason Magazine
    • Why We Can't Have Nice Things
  • Volokh
  • Newsletters
  • Donate
    • Donate Online
    • Donate Crypto
    • Ways To Give To Reason Foundation
    • Torchbearer Society
    • Planned Giving
  • Subscribe
    • Reason Plus Subscription
    • Print Subscription
    • Gift Subscriptions
    • Subscriber Support

Login Form

Create new account
Forgot password

Obama Harvested Data from Facebook and Bragged About It. Why Are We Only Freaking Out About This Now?

Why are politicians now freaking out about a feature that has been publicly documented since its inception and that was discontinued three years ago?

Declan McCullagh | 3.23.2018 12:05 PM

Share on FacebookShare on XShare on RedditShare by emailPrint friendly versionCopy page URL
Media Contact & Reprint Requests
Kay Nietfeld/picture alliance / dpa/Newscom

Facebook's idiosyncratic approach toward safeguarding the personal information of its users has attracted more political outrage than the company has ever experienced. The American and British legislatures have invited Mark Zuckerberg to visit and be complained at in person, the Federal Trade Commission has let leak an investigation, and German officials are officially vexed.

What irks them is the revelation that a third-party Facebook app masquerading as a personality quiz extracted information that was sold to the political consulting firm Cambridge Analytica, which in turn provided services to Republicans. A short line is being drawn from Facebook data-profiteering to the election, still unfathomable to many Democrats, of some guy named Donald J. Trump.

Given the political leanings at Facebook, it seems unlikely that such an effect was deliberate. In 2016, Sheryl Sandberg, the company's chief operating officer, struggled to find praise sufficiently fulsome to describe Hillary Clinton; in return, Sandberg was imagined as a Clinton Cabinet official. This was approximately the same time as the flap over Trending Topics, during which we learned that Facebook's stable of editors seemed to shun conservative news sites instinctively.

In any event, the joint anti-Zuck strike force being assembled in conference rooms this week in Washington, London, and Berlin seems to be arming for a skirmish that ended years ago.

The history is this: Starting in 2010, third-party developers who convinced a Facebook user to install their apps could vacuum up a tremendous amount of information. The so-called Open Graph API included not only a user's name, birthdate, politics, and religion—private direct messages could be requested too—but also his or her friends' data. You could argue that Facebook's disclosures were insufficiently descriptive. But technically, this wasn't a data leak; users gave consent, however attenuated.

Facebook gave the fields it provided developers names like "friends_religion_politics," "friends_likes," and "friends_photo_video_tags," but a more descriptive term might be "commercially useful information that is certain to be monetized." The user IDs provided were globally unique, kind of a Facebookish Social Security Number, so companies could use multiple apps to correlate and compile cross-referenced profiles by the millions.

The Graph API's features were no secret. They were shouted to the world via press release. At his 2010 announcement at a San Francisco conference, Zuckerberg boasted that developers would now be able to download and retain Facebook data. "We've had this policy where [third-party developers] can't store and cache any data for more than 24 hours, and we're going to go ahead and we're going to get rid of that policy," Zuckerberg said. CNET reported that the audience cheered.

Four years later, Facebook reversed course, saying it had chosen to discontinue those features of the Graph API. The equivalent of a global Facebook-wide identifier would be replaced with application-specific IDs. Friend data would be sharply restricted. The changes took effect in April 2015.

No Senate hearings or congressional investigations convinced Facebook to pull the plug. No flurry of investigative news articles preceded it (there appears to have been not one New York Times or Washington Post article discussing the Graph API in the prior year). No Federal Trade Commission investigation loomed; Facebook had already reached a privacy settlement with the agency in 2011 that altered the Graph API not one whit.

The most likely explanation for the 2014 policy shift is the simplest: The company realized, however belatedly, that even Facebook users want more control over how they share their information. Market pressure (or, perhaps, market dominance and less fear of alienating developers) had closed a privacy loophole. At the F8 conference that year, Zuckerberg said, "We take this really seriously because if people don't have the tools they need to feel comfortable using your apps, then that's bad for them and it's bad for you. But it will prevent people from having good personalized experiences and trying out new things but it also might hurt you and prevent you from getting some new potential customers. So we need to do everything we can to put people first and give people the tools they need to build a sign in and trust your apps."

Today it's almost tempting to feel sorry for Zuckerberg, who must be puzzling over why it took politicians eight years to discover the existence of a feature that has been publicly documented since its inception and was discontinued three years ago.

Zuckerberg must also be contemplating a second oddity. There was no privacy outcry when Barack Obama's 2012 campaign took advantage of the same Graph API to exfiltrate information of tens of millions of Facebook users without each voter's knowledge and consent.

Time.com's report immediately after the election was laudatory. Extracting data from Facebook, it said, "will transform the way campaigns are conducted in the future." It concluded, presciently, that by 2016 the Obama campaign's approach "is almost certain to be the norm."

The Obama campaign's extensive harvesting of social graph data triggered Facebook's internal safeguards, according to an article a year later in The New York Times Magazine. But Facebook allowed it to continue. "It was more like we blew through an alarm that their engineers hadn't planned for or knew about," Will St. Clair, a programmer for the campaign, told the magazine. "They'd sigh and say, 'You can do this as long as you stop doing it on Nov. 7.'"

"We ingested the entire U.S. social graph," Carol Davidsen, director of data integration and media analytics for Obama for America, told The Washington Post this week. "We would ask permission to basically scrape your profile, and also scrape your friends, basically anything that was available to scrape. We scraped it all."

It would be impolite, of course, to accuse the Democratic politicians demanding Zuckerberg's scalp of double standards. Perhaps Sen. Amy Klobuchar (D–Minn.), who wants to interrogate Zuckerberg in person, has only recently immersed herself in API specifications. Perhaps Sens. Ed Markey (D–Mass.) and Richard Blumenthal (D–Conn.), who issued their own demands to Zuckerberg, happened to miss the 2013 article about how the Obama campaign "blew through an alarm." (The inexplicable is not limited to Capitol Hill: A cadre of left-leaning privacy activist groups who remained mum before now believe the Federal Trade Commission should investigate.)

The danger now is regulatory overreach. It's possible to acknowledge that Facebook's original Graph API was leaky—user notification and consent could have been handled far better—while being worried about what Washington officialdom may concoct as suitable punishment for Internet companies. Good laws and sound policy are rarely made during times of moral or partisan panic.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

This field is for validation purposes and should be left unchanged.

NEXT: Your Friday Cliffhanger: Will Trump Sign or Veto the Omnibus? (UPDATE: Trump Signs)

Declan McCullagh is a Silicon Valley entrepreneur and co-founder of the discussion site Talking.

Share on FacebookShare on XShare on RedditShare by emailPrint friendly versionCopy page URL
Media Contact & Reprint Requests

Show Comments (177)

Latest

Brickbat: Cooking the Books

Charles Oliver | 5.9.2025 4:00 AM

The App Store Freedom Act Compromises User Privacy To Punish Big Tech

Jack Nicastro | 5.8.2025 4:57 PM

Is Shiloh Hendrix Really the End of Cancel Culture?

Robby Soave | 5.8.2025 4:10 PM

Good Riddance to Ed Martin, Trump's Failed Pick for U.S. Attorney for D.C.

C.J. Ciaramella | 5.8.2025 3:55 PM

Trump's Tariffs Are Already Raising Car Prices and Hurting Automakers

Joe Lancaster | 5.8.2025 2:35 PM

Recommended

  • About
  • Browse Topics
  • Events
  • Staff
  • Jobs
  • Donate
  • Advertise
  • Subscribe
  • Contact
  • Media
  • Shop
  • Amazon
Reason Facebook@reason on XReason InstagramReason TikTokReason YoutubeApple PodcastsReason on FlipboardReason RSS

© 2024 Reason Foundation | Accessibility | Privacy Policy | Terms Of Use

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

r

Do you care about free minds and free markets? Sign up to get the biggest stories from Reason in your inbox every afternoon.

This field is for validation purposes and should be left unchanged.

This modal will close in 10

Reason Plus

Special Offer!

  • Full digital edition access
  • No ads
  • Commenting privileges

Just $25 per year

Join Today!