The Great Hack
What is The Great Hack?
The Great Hack is a two-hour documentary released by Netflix that follows the stories of several people involved in, affected by, and connected to the Cambridge Analytica scandal. The long and the short of it was this: Big data company meddles with elections by influencing voters on Facebook using highly-targeted ad campaigns and astroturfing. The stories told in the documentary involve a professor of Media Design, a journalist from the Guardian, and a former business development director for Cambridge Analytica (CA for short).
I’ll get it out of the way now, I liked this documentary. I liked it for many reasons: It’s beautifully shot, the CGI depictions of the data trail we leave behind are very effective and illuminating, the storylines of the characters are compelling and well told, and the chilling realisations are… well, they’re chilling.
New weapons, the same old battlefield
The conclusion that struck me the most, and sent shivers down my spine, was that the combination of data analytics and propaganda tactics employed by CA are classified as “Military Grade Weapons”. This reminds me of the early days of the internet during the “Encryption Wars”. During this period in the internet’s infancy, the US Government deemed encryption algorithms stronger than DES to be similarly classified as “Military Grade Weapons” and so they were placed on the munitions list. This led to some bizarre scenarios where mathematics professors and researchers trying to sell their books abroad would have to register as arms dealers if their book contained one of these encryption algorithms. The notion that mathematics, data, or software can be legally classified as a weaponizable technology is not new but is nonetheless fascinating, and one that we would all do well to remind ourselves of on a regular basis. The Guardian journalist, Carole Cadwalladr, points out that the propaganda campaigns employed by CA for the Brexit and Trump campaigns are analogous to Psy-Ops, an umbrella term for military tactics where lay people are persuaded to behave in a way that better benefits the body that is carrying out the Psy-Op. The example she gives is of the US Military distributing leaflets in Afghanistan to convince young people that Al-Qaeda is not what’s best for their country. This seems like a relatively tame example, but it serves to demonstrate the kind of scenarios we see Psy-Ops being used in.
You are not immune to propaganda
The unfortunate fact of the matter is that the human mind is very easy to deceive and manipulate. We like to think of ourselves as impregnable fortresses when it comes to the influence the internet has over us, but this is simply not the case. We are all riddled with biases, susceptible to fallacies, and above all, we love a good story. Combine these elements and throw them in the pot with a social network and a big-data company with dubious ethics and you’ve got yourself one big influence soup. Multiply that by the entire population and you’re dealing with a system that can break the democratic process.
I like to play devil’s advocate with myself in situations like these and ask, “what’s really the difference between politicians persuading you at a rally and the same politician targeting you with personalised ads on Facebook?”. At the end of the day, the same team of people is trying to win you over to their way of thinking in both scenarios. The difference, however, lies in the complicity and consent from the individual as part of that process. When you attend a political rally, you know what you’re getting in for. You expect to hear some opinions you may or may not agree with and you know that when you leave the venue, you’re gone, and the exchange is over. Conversely, when we’re scrolling Facebook, looking at pictures of the neighbour’s new baby one second, and the next we’re watching a hit-piece on a politician we like, we forget that we’re always at the rally. We’re at home, where it’s safe. We might be completely alone, surrounded by competing voices, all screaming for our attention. The same tactics are used in digital marketing, of this I have no doubt, but there’s a difference between being convinced to buy tchotchkes and being convinced that [some minority group] are [committing a crime] against our [vulnerable demographic] and that [political candidate/party] are going to fix that by [extreme countermeasure] and that that would be a good thing.
I recommend watching The Great Hack to really get you thinking about these issues. You could draw some parallels between today’s content-and-drama-oriented internet and the “wall family” in the book Fahrenheit 451. The way that content can be used to affect our moods, opinions, and by extension, our behaviours are worth being mindful of. Whether it’s the 24-hour news cycle or your favourite Minions meme page on Facebook, there are people trying to control your attention and they’re using detailed personal information about you to do it. Advertising agencies and social networks know much more about you than you might ever assume, and if you knew you might not be so thrilled.
“Useful” data and truly “Anonymised” data are mutually exclusive
Consider the process that advertising agencies and analytics companies carry out with our data called “Anonymisation”. This is supposed to strip away our identity from the data they have collected and it is intended to allow the company to re-sell the data without requiring your consent because it’s “no longer your personally identifiable information”. This is an example of a process that requires more modern legislation, as there are numerous studies proving that if someone wants to connect enough dots in the data (or between multiple datasets), they can identify a staggering amount of individuals. The fact of the matter is that our data, no matter how “anonymised”, is only useful to entities if there is something in there that they can use to categorise, label, predict and target us. We can, however, be responsible for what we collect and how we use it.
The Great Pitch
A valuable takeaway from all of this is to consider the way we store and process personally identifiable information. For all of us operating within the European Union, we have to consider our compliance with the GDPR and a massive part of this process is having our information security practices up-to-date and reviewed regularly. If you have any concerns about the data security of your business, get in touch with the team here at Intuity and find out how we can help you to keep your customers’ data safe and secure.