By Ally Marotti Chicago Tribune
WWR Article Summary (tl:dr) Kent Grayson, a marketing professor at Northwestern University's Kellogg School of Management says even news that people's personal data could have been used in an attempt to manipulate a presidential election likely won't be enough for most users to change their behavior. Grayson says, "Even if it is, there's not much they can do about the information that's already out there."
Facebook users have been pouring personal data into the social media platform for more than a decade, often without realizing what they were giving up.
When third-party games or quizzes came along, users jumped on board with those too. Many of them were free, but what some users didn't realize, or didn't care about, was that they were paying with their personal data.
Now, concerns about sharing every aspect of life on social media are coming to a head amid reports that a political consulting firm hired by President Donald Trump's campaign allegedly used ill-gotten Facebook data in an effort to influence voter behavior. Users are weighing whether to quit the social media platform and calling for greater online privacy protection.
But experts say those concerns won't be enough to change the behavior of the masses. Social media have become ubiquitous, and many users are either ambivalent toward data privacy or don't understand what they've given up by agreeing to the terms of service in order to create an account.
Legislation that holds tech companies accountable or offers more transparency regarding data use could help, experts say, but it has proved difficult to pass in the U.S.
People also could swear off social media, change their privacy settings or just share less. But for many users, even grave concerns about giving up privacy are trumped by the desire and need to take part in the social media world.
"We're at a point of time in society ... that privacy is almost an afterthought," said Louis McHugh, director of information technology at Illinois Institute of Technology's School of Applied Technology. "We really don't take (it) into account."
Users who do consider the risk often don't find it great enough to outweigh the benefits they get from interacting on social media. They are searching for a happy medium: How can they participate in the online world without sacrificing their privacy to the point they're uncomfortable?
For the past decade or more, users have had that happy medium, said Kent Grayson, a marketing professor at Northwestern University's Kellogg School of Management.
They were either blissfully ignorant of how tech companies were using their data or were fine with it. Maybe they liked the targeted ads for men's gift ideas that came just days before their brother's birthday or discovered a new artist because of a recommendation on a similar song.
For some, having a robust social media presence is a professional necessity. Seven out of 10 employers use social media to screen candidates before hiring, according to a survey conducted in early 2017 on behalf of CareerBuilder.
Even news that people's personal data could have been used in an attempt to manipulate a presidential election likely won't be enough for most users to change their behavior, Grayson said. Even if it is, there's not much they can do about the information that's already out there.
"If you've already been sharing information about yourself, the genie's out of the bottle," he said. "It's impossible, I think, to get it back."
But there are a few things users can do going forward, said Darren Guccione, CEO and co-founder of Chicago-based cybersecurity firm Keeper Security. People need to know the risks of sharing their information on social media, and that starts with actually reading the terms of service, he said.
"If you don't agree with it, then click 'I don't accept,' " he said.
Almost every app has privacy policies and controls, Facebook included, Guccione said. He suggested tinkering with those settings and limiting what the public sees. Facebook users also can control what kind of information the social media giant knows about them by managing their ad preferences.
Using social media credentials to log in to other sites also opens users up to privacy breaches by way of stolen passwords, Guccione said. Additionally, users should know that if they go to a website from inside an application _ such as by clicking on a link on Facebook, that application could still be tracking them.
Facebook CEO Mark Zuckerberg promised in a post Wednesday that the social media company would do more to protect its users' data. "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you," he wrote.
Zuckerberg's post came following public outcry in response to a report last weekend from The New York Times and The Observer of London that Cambridge Analytica, a political data firm hired by the Trump campaign, gained access to private information of more than 50 million Facebook users, including their profiles, locations and what they like.
The firm claimed its tools could analyze voters' personalities and influence their behavior with targeted messages.
Cambridge Analytica improperly acquired the information, Facebook has said, but it wasn't stolen. Users allowed the maker of a personality quiz app to take the data. About 270,000 people took the quiz several years ago, the Times reported, and the app-maker was able to scrape data from their Facebook friends. He then provided the data to Cambridge Analytica.
The firm, a U.S. subsidiary of U.K.-based SCL Group, has denied any wrongdoing and on Tuesday suspended its CEO, Alexander Nix. The app developer, a Cambridge University researcher named Aleksandr Kogan, told the BBC this week that he didn't know the data would be used for Trump's election campaign and that Cambridge Analytica is using him as a scapegoat.
Zuckerberg said in his post that a change Facebook made in 2014 prevents "bad actors" from accessing people's information and that the company is taking steps to make sure all the data in question is deleted. Additionally, Facebook plans to investigate companies that had access to large amounts of data before 2014, restrict developers' data access further, and make sure users understand which apps can access their data.
Since the report last weekend, several American and British lawmakers have called for greater privacy protection and asked Zuckerberg to explain what the company knew about the misuse of its data. In Congress, the House Energy and Commerce Committee on Thursday formally requested that Zuckerberg testify about the matter.
The debate over internet privacy legislation in the U.S. has shifted from the federal to state level in recent years, but proponents argue there aren't enough laws at either level to adequately protect users.
Consumer privacy is not protected under our current legal system, nor do technology companies function in a way that protects it, said Christopher Dore, a partner at Chicago law firm Edelson, which has brought privacy suits against tech companies, including Facebook, Google and Netflix.
Companies lean on the terms of service that customers sign before using their platforms, but there's no way for a customer to know from that fine print how their data actually will be used, Dore said. There need to be more legal protections in place at the state and federal levels to encourage companies to protect their users' privacy, he said.
"It can never be a fair transaction if consumers aren't getting the full story, if they're not having all the implications of their decision disclosed to them," Dore said. "That's the world that we're currently living in."
There are some protections in place in Illinois. The state's Biometric Information Privacy Act, for example, is considered the strictest law of its kind in the nation. The 2008 law mandates that companies collecting biometric information, which includes facial, fingerprint and iris scans, obtain prior consent from consumers, detailing how they'll use it and how long it will be kept.