Saintel Daily

If it Happened | We Covered it

Facebook Has Allowed Another Company to Steal User Data

facebook
When will they learn? Facebook has allowed another company to steal user data through an API. Are you at all surprised though?

thumbs down

Facebook is still quite deep in the Cambridge Analytica scandal, and now they’re facing another one.  Facebook has suspended another data analysis firm that received user data.  This time, the firm is Crimson Hexagon.  Before I go too much farther, I just want to say – should we be surprised?  This is Facebook, and well, this is something we’ve seen before.  But who or what is this new mystery company? According to the Wall Street Journal, Crimson Hexagon has secured at least 22 separate federal contracts since 2014, worth more than $800,000 – including for the State Department, FEMA, and the Secret Service. In addition, they have a separate contract with a Russian nonprofit called the Civil Society Development Foundation.

What happened this time? And is it the same thing that happened before?  Crimson Hexagon for years, has used official APIs to siphon public posts from Facebook, Instagram, Twitter and other sources online.  From there, they would collate and analyze the data for various purposes, such as – to gauge public opinion on a political candidate or an issue.  They have clients around the world including some in Russia, Turkey, the United States and the United Kingdom.  The API connection, though, is pretty typical for Facebook, so it’s not like they were doing anything wrong in that sense.  But they were doing something wrong, and Facebook wasn’t monitoring it very well.

crimson hexagon

What’s not surprising is that Facebook alleged that they weren’t aware of the extent of Crimson Hexagon’s use of user data.  As I mentioned earlier, they had some pretty big government contracts, and Facebook didn’t even evaluate that before they took effect.  This whole thing is coming to a head because it’s believed that Crimson Hexagon is not complying with their data use rules – much in the same way that Cambridge Analytica wasn’t.  Of course, Facebook says that they are investigating the claims, but is that enough?

The good news is that Crimson Hexagon isn’t working as part of a larger network of shady companies, in the way Cambridge Analytica was.  Crimson Hexagon appears to be more above the board, with ordinary venture investment and partnerships.  The problem with both of them is that they are using Facebook user data as a way to manipulate a political candidate.  And by manipulate a political candidate, I simply mean, use the information that they get from Facebook to turn them into a candidate that people will vote for.

crimson hexagon

As with the Cambridge Analytica situation the onus of responsibility is on both parties.  It’s on Facebook to enforce the rules on how these third parties handle the user data.  That said, it’s not exactly a good idea for Facebook to let companies take what they need under a handshake type agreement.  It’s also on these third-party organizations to make sure that they are following the rules.  But, as I said before, is that enough?  Should Facebook actually be doing more to make sure that these things don’t happen?

The answer is, of course, they should!  And that seems to be their priority is right now.  What might be interesting is that Crimson Hexagon was co-founded by the same person who was put in charge of Facebook’s new social science initiative – Gary King.  Why is this interesting?  Well, it just seems like maybe he had some insider knowledge, which put him in the perfect position to execute this data breach.  King is denying any involvement in the everyday work of Crimson Hexagon, but he is chairman.  All of that said, this doesn’t look good for Facebook, and I won’t be surprised if it comes out that more companies are using user data in similar ways.

%d bloggers like this: