Facebook Scandal

Target Audience

Undergraduate
Graduate

Keywords

Facebook
Data security
Data privacy

Introduction

Overview

Cambridge Analytica was a British political counseling firm from 2013-2018, a subsidiary of a private intelligence company with close ties to the Conservative Party, royalty, and British military. Throughout the 2010's, Cambridge Analytica harvested Facebook data belonging to millions of users in order to build voting profiles on users that they could sell to candidates in United States elections. There was no hacking involved.

Vulnerability Details

2013: Aleksandr Kogan, a Cambridge University data scientist, was hired by Cambridge Analytica to create an informed consent for payment survey app titled 'This Is Your Digital Life'.
2014-2015: Cambridge Analytica harvests user data from 87 million users without their consent through their app.
Dec. 2015: Data misuse scandal first reported by The Guardian.
Dec. 2016: Further reports of the scandal are reported by the New York Times.
Mar. 2018: Former Cambridge employee comes out as a whistleblower, Facebook loses $100 million in market value in a matter of days.
Apr. 2018: Mark Zuckerberg testifies before Congress.
May 2018: Cambridge Analytica files bankruptcy.
July 2018: Facebook is fined £500,000 by the U.K. government.
July 2019: Facebook is fined $5 billion by the FTC.

Learning Objectives

Explain data security and privacy
Describe security and privacy violations in the Facebook data scandal
List common protection mechanisms for data security and privacy

Download

Includes a PDF case study adapted from a real-world cyber breach
Guided questions for student engagement
Instructor materials including context and background
All content packaged in a downloadable ZIP file

Remote Terminal

Terminal Description

Module Questions

What happened in the Facebook-Cambridge Analytica data scandal?Cambridge Analytica hacked Facebook's servers and stole data.Cambridge Analytica misused Facebook's data through an app to collect personal information without user consent for political purposes.Facebook sold data to Cambridge Analytica directly.Facebook accidentally shared user data through a public API.

What are two effective security mechanisms that could have guarded against data misuse in social media platforms like Facebook?Implementing stricter app permissions and regular data audits.Disabling data sharing with third-party apps entirely.Using passwordless authentication and eliminating ads.Banning political advertising on social media.

If you were a data scientist at Cambridge Analytica, what would be an ethical scheme to collect and use social media data for political campaigns?Use anonymous and aggregated data only from users who have explicitly opted in for political campaigns.Create a fake app that users unknowingly consent to.Collect data from user profiles without their knowledge and analyze it for political purposes.Only use publicly available data without requesting any consent.

What are some ethical data collection techniques that could be used on social media platforms?Scraping user profile information from public pages.Collecting data from third-party apps without informing users.Conducting surveys with user consent and using anonymized analytics.Purchasing data from brokers without user consent.

How could Facebook have strengthened its data policies to prevent unauthorized data access like in the Cambridge Analytica scandal?Allowing unrestricted access to all data for developers.Limiting third-party access to user data and conducting regular audits of app activities.Removing API access for apps with less than 1,000 users.Selling all data to only government entities.

As the CTO of Facebook, what measures would you implement to enhance data privacy while maintaining profitability?Introduce more transparent data usage policies and anonymize personal data for advertisers.Completely remove all data-driven advertisements.Charge users a subscription fee to avoid ads.Allow advertisers full access to user data but add encryption.

How should companies balance the need for data-driven insights with the responsibility to protect user privacy?By banning all data-driven analytics.By using personal data without consent for better results.By outsourcing all data analysis to third-party companies.By creating anonymized datasets for insights and complying with privacy regulations like GDPR.

What steps should be taken to prevent a similar data misuse incident like the Facebook-Cambridge Analytica scandal?Ban political ads from Facebook entirely.Regularly audit third-party applications and enforce stricter user consent policies.Allow developers to access data only after a public announcement.Stop users from sharing any personal information online.

What IT weaknesses were present in Facebook’s data privacy practices during the Cambridge Analytica scandal?Insufficient data access controls for third-party apps, inadequate user consent mechanisms, and lack of monitoring for misuse.Facebook did not use encryption for posts.Facebook accidentally sold data to Cambridge Analytica.Facebook allowed full access to its servers to anyone who requested it.

As the CIO of Facebook, how would you improve data privacy and rebuild user trust?Stop collecting user data altogether.Disable all third-party applications and move to a subscription-based model.Implement a comprehensive privacy-first strategy, including user education, stronger data controls, and transparent policies about data usage.Limit privacy settings for users to simplify the platform.