The massive and still-unfolding story of Cambridge Analytica and Facebook has spawned a debate about what a “data breach” is, and whether this was that. Facebook itself took issue with the notion that CA’s access to the data constituted a breach. Motherboard said they won’t call it a data breach, because it was “a feature, not a bug” in Facebook’s system. Molly McHugh at The Ringer said we shouldn’t be mad at Facebook for “being Facebook,” and that this was a “breach of trust,” not a data breach.
Blah blah! Who cares!!! This is not a tech blog, and I’m not here to contribute to a navel-gazing semantic debate about whether a term that most people don’t understand precisely is correct in this specific instance.
What is worth saying is that this is less “Facebook problem” than it is an “internet problem,” and more than that, a “capitalism problem.” It is still a Facebook problem, in that they’re one of the biggest data collection machines in the world, and they’re the bad actors in this particular story. But the terrible system that many observers have correctly identified at work here—data-mining, entirely dependent on users not realizing what they’re signing up for—is at work across the internet. To truly overthrow Facebook’s data regime, we would need to revolutionize the entire internet.
And we should.
There are countless websites and services that make their money through taking your data and selling it to advertisers. Unroll.me, a service that goes through your inbox and unsubscribes you from all the annoying newsletters you didn’t realize you signed up for, received criticism last year when the New York Times’ Mike Isaac revealed the service “collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber.” When that happened, Unroll.me’s cofounder wrote a sniveling and deeply smarmy blog post saying it was “heartbreaking to see that some of our users were upset to learn about how we monetize our free service.” You poor fools! I’m so sorry that you only just figured it out, little darlings! Didn’t you realize it was free for a reason?
Unroll.me is just one of dozens of sites and services that reserve the right to sell your (anonymized—or so they promise us) data. But the problem is much more intrinsic than that; your very access to the internet can be monitored, too. In 2017, broadband providers successfully fought to repeal rules passed by Obama’s FCC that would have required them to obtain opt-in consent from users before selling their web browsing data. Without those rules, there’s no standard for what the procedure to opt out of having that data sold is at all. Major ISPs make it very hard, if not impossible, to opt out of having your web browsing data sold.
As Karl Bode pointed out at Motherboard today, that monitoring isn’t just permissible, it’s already happening:
For example, Verizon Wireless was busted in 2014 actively modifying user packets to track its customers around the internet—without telling them or giving them the ability to opt out. It took two years before security researchers even discovered what Verizon was up to, and other six months of public shaming before Verizon was willing to include an opt-out function.
AT&T, another gigantic internet provider, has the fucking temerity to charge customers more if they want opt out of a snooping program. They frame it, of course, as giving a “discount” to customers who accede to surveillance, of course, because we live in hell.
The internet is built on an economy of data mining. Because of that, when stories about data privacy come out, there’s often an instant, smug reaction from the Learned Ones: “of course [company] is doing this, you fool, don’t you know you should [use Signal/delete your Facebook account/use a VPN]?”
When I published a story last year about CNN turning on a Slack feature that enabled it to read its reporters private messages, a lot of Very Smart People on Twitter said a version of the same thing: users who didn’t realize that their employers are watching them are idiots, and anyone who says anything personal at all on their work Slacks are idiots, and only I, the smart person, am not an idiot.
This, to me, is incredibly unsatisfactory: the idea that we should expect and excuse invasive behavior from employers, or tech companies, just because the technology means they can be invasive, and therefore anyone who messages their coworker about their dates or their herpes or their stupid boss is an idiot. Maybe it’s sensible, given what we know about shitty employers, to keep it off Slack, but why put the onus on the oppressed employee, rather than the oppressive employer? Why simply give in to that?
The entire mindset reveals a society infected in its core with libertarian-derived nonsense about “freely enterered-into contracts” and the foreclosure of better possibilities. You have apparently consented to being exploited—to having your every online action monitored, collated, and sold to or stolen by people you can’t even imagine for purposes utterly opaque to you—merely by “opting in” to using the internet in the normal ways everyone else does. Privacy and security can be learned, if you have the skill or time or energy, or sometimes purchased, though they will always come with some massive inconvenience. (Just remember your pass phrase and keep this USB security dongle on you at all times!) The “safest” option is to “opt out” entirely, to stay away from the things that people use the internet for, like connecting with friends and family on the world’s biggest social media platforms and their connected messaging services. It’s a great option if you want to buy drugs with cryptocurrency and only talk to Romanian hackers and American neonazis on the dark web. It’s not great if you just want to fucking look at pictures of your coworker’s cute puppy on Instagram.
Yes, sure, maybe you should have known that Facebook, or Google or Twitter or your ISP for that matter, was providing that “free” service in exchange for your data. It is true that there has been a tremendous failure of education about what it means to be online today, and what we give up when we go online; none of this was mentioned in my Information Technology classes in secondary school, which predated Facebook and YouTube and most of what we recognize as online today. But even if people do vaguely know that their data is being harvested online, they are never going to comb through every user agreement they sign, or read every privacy notice. That is exactly why broadband privacy rules would have been a good step, and why broadband companies fought them so hard. If you’re interested in protecting consumers, it’s an obvious first step to make companies get affirmative, clear consent to sell your data, and to be specific about what they’re collecting and what they do with it. Because they’ll never be transparent voluntarily. When’s the last time Facebook sent you a notification telling you what it’s collected or sold? Or Google, or Twitter, or your ISP?
It’s probably too late for that mass education to happen now: We’ve had about 20 years of being Mega Online, and a whole generation has already grown up having the internet from childhood. It’s impossible to imagine—and unfair to ask—everyone to just unplug; the internet’s good, overall, and we should get to keep using it. So why shouldn’t we, instead, use the power of the state to force companies to stop being such cavalier shitheads with our personal data?
This isn’t just a tech problem. It’s a power problem, and therefore a political problem, with a political solution. Candidates should be running on overthrowing the data collection regime. They can start with running against ISP data collection, because Comcast is already one of the most unpopular companies in America. It can and should be framed as yet another example of corporate overreach and domination of our lives, one that has been enabled by politicians bought and paid for by the industries that depend on it.
For too long, users have been too powerless on the internet to protect their privacy from predatory capitalists. Revelations about Facebook’s malicious negligence should be the beginning of the end for them, and for the whole rotten system.