Final thoughts on Facebook (hopefully)

I’ve been getting a lot of questions around Facebook, data access, and digital marketing strategies over the past few weeks. Last night I was on ABC 7.30 talking briefly about how the Facebook user data exposed in the CA breach might be used for political purposes. (The segment is available to stream here, sorry if it’s geoblocked in your country)

Over these phone calls and emails and interviews I’ve ended up with a few notes that I thought worth posting. There’s been a lot of chat about this topic, but it seems to be reaching the end of its news-cycle, so here’s my summation and (hopefully) final thoughts…

Why has CA been the straw that broke the back of this issue?

So there’s an argument that Trump and Brexit - and the idea that the CA data influenced those outcomes - are the reason people care. But I don’t think that’s it. Trump and Brexit suddenly gave regular non-technical people an understanding of how these tools work - a simple example with which to realise the power of this data. And that’s what was really needed in order for concerns to be raised beyond the tech-world.

This has all happened in the context of a great social and mental health question around these platforms. For Facebook, Twitter and Instagram, the last few years has seen a steady flow of studies suggesting that there are some considerable downsides to our use of these tools.

It’s not new

The well polished sales pitch from Facebook to advertisers was always about deep understanding - Facebook knows consumers better than consumers know themselves.

So the concern many people in tech have held for a while was that if it’s possible to get to this one-to-one targeting to increase widget sales by 1%, it’s possible to do some pretty dark things as well. The only thing stopping that is the security of the data and the limits of the tools that Google, Facebook, etc. build. (Jaron Lanier, Bruce Schneier, and Douglas Rushkoff are just three people who have been vocal on this issue for over two decades)

Obama’s campaign was held up as a best-practice case study in digital marketing. Is that still true? If so, where was the line was crossed? Once you have algorithms that can tailor an ad so that it may only ever be seen by one person and then never again, is that it? Or is it that the data was extracted from Facebook against both its terms and user expectations? Or was it simply that it was foreign actors? The answer to this is probably the biggest omission from the media coverage on this topic so far.

It’s a broad stroke - but developers and middle management in tech companies don’t understand externalities well

Developers are often perceived as lacking empathy and social skills - and this is often used to explain missteps. But I don’t think that’s true, not for the majority at least. The real explanation is probably closer to a misunderstanding of externalities - the second and third-order effects of what they build.

This is especially true when you consider the definitive optimism that fuels places like Silicon Valley. There is an unquestioned belief that technology will change the world for the better. This belief is essentially mandatory for the innovation that does create huge change, so don’t hate on it.

This isn’t good news for small business

Facebook was (and still is) an excellent platform for small businesses to build a customer base. So as long as Facebook can convince users to stay, hopefully this ability remains.

Regulation is tricky

GDPR is a good approach, and prioritises individuals over corporations and legalese. It’s been interesting to see initial criticism from some in the US tech world when it was introduced shifting to a feeling that perhaps it’s not a bad solution.

The focus of any regulation should be to make it a liability to be holding personal data about anyone. At the moment that data is considered an asset. The biggest danger of knee-jerk regulation right now is around stifling innovation. If it becomes too expensive or risky to hold customer data, existing large organisations will have a strong(er) competitive moat.

What about Google? (etc.)

I have never seen Google expose personal data to third parties in the way Facebook does. If there is a data breach of Google that exposes almost everything they know about tens of millions of users, you can be sure that the response will be an order of magnitude larger than Facebook has faced. But that hasn’t happened, and it’s unlikely it will.

It’s important to emphasise the timeframes here - in 2013 I was working on a data analytics tool using Facebook’s API, and was astounded at the level of data we could see (and this was standard developer API access). That was 5 years ago. Since way back then Facebook has made choices about what data they felt was fine to share with third parties, with minimal oversight. They did so despite constant breaches of policy, and with full knowledge of how that exposed data could be (and was being) used.

- April 2018