(by Guillaume Tissier, President of CEIS)
One month on from Facebook being called into question as part of the Cambridge Analytica case, it’s time to look back over the flood of outraged reactions that followed the “revelations”. What was Facebook criticised for? For letting the British company, which specialises in strategic, if not electoral, communication, wrongly exploit the data of 87 million of its users. Not a fault, nor a leak. Just technical siphoning allowed by the social network’s API, which has probably involved thousands of other applications (an audit is still in progress). In other words, the door was left open for third-party applications to access not only the data of individuals who downloaded them, but also that of their friends, under the well-known principle “your friends’ friends are your friends”. It should also be noted that President Trump’s campaign is likely not the only one to have benefited from Facebook’s largesse: the application created by Barack Obama’s campaign team in 2012 must also have helped collect a lot of data…
While the strong feelings provoked by this situation are legitimate, the prevailing surprise, whether real or feigned, as this scandal broke, was somewhat astonishing. Even though Facebook’s general terms and conditions were vague (they have since been revised), the social network has never hidden its true colours and we were surely well aware of its business model, based on making money through its audience and targeting users through their personal data. With a basic principle: to offer a free solution in order to quickly secure the largest possible number of users. But as the popular saying goes, “if you’re not paying for it, you are the product”. We are thus not the customers but rather the raw material of the platform.
The whole question today revolves around whether this case will lead to an ongoing questioning of Facebook’s model. The answer is no…at least not in the short term. On the one hand, because the vast majority of Internet users find nothing wrong with it and are often much quicker to denounce the State’s record-keeping than that of the platform. On the other hand, because there is no more lucrative business model for the moment: few companies have access to free raw materials… Facebook’s act of contrition before the US Congress would thus appear to be something of a smokescreen. Although Mark Zuckerberg admits to a personal “mistake”, he answered the question of whether he was going to change his business model by responding embarrassedly that he wasn’t sure he’d fully grasped the meaning of the sentence. And when the question was repeated, he replied that it was a complex issue and that he couldn’t give a yes or no answer… A change of model is therefore unlikely, even though the platform’s number 2, Sheril Sandberg, suggested the idea of launching a paid, and therefore more protective, version.
Should we, then, be satisfied with this situation? No. Although a radical change would appear difficult, some kind of shift is surely possible. By placing users at the centre of its considerations and upholding the principle of “privacy by design”, the European General Data Protection Regulation is already making moves in that direction. Although there is nothing to legally oblige Facebook to apply this legislation to US users, the social network has realised that the GDPR also offers a means of improving its image, including in the United States. The company has thus just announced its compliance (which some consider as “a minimum”) along with the deployment of new conditions of use that will apply to European and US users, as well as to the rest of the world. At least in spirit since, in legal terms, the company has just, with the wave of a magic wand, moved 1.5 billion of its members from Africa, Asia, Australia and Latin America from its Irish subsidiary to its US subsidiary, thereby considerably limiting its risks. Optimisation is not limited to the fiscal arena…
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime