87 million Facebook users lost control of their most personal data to political operatives without ever clicking “yes.” App Harvests Data from Friends Without Consent Aleksandr Kogan, a Cambridge University researcher, launched the “thisisyourdigitallife” app in 2014. Approximately 270,000 users installed it for a personality quiz. The app collected their data plus profiles from up to 87 million friends, including 70.6 million Americans. Facebook’s API rules at the time permitted this friend data access with minimal user consent. Kogan shared the dataset with Cambridge Analytica for psychographic profiling. Users approved the quiz but never authorized political exploitation or friend scraping. This loophole, not a hack, defined the scandal. Cambridge Analytica Targets 2016 Elections Cambridge Analytica, founded in 2013 from SCL Group, received Kogan’s data. The firm built voter models for Ted Cruz’s primary and Donald Trump’s general election campaigns. It allegedly aided Brexit efforts too. Psychographics predicted behaviors from likes and posts, enabling microtargeted ads. The Guardian reported Cruz campaign use in December 2015. Facebook discovered the sharing in 2015 and demanded deletion, but verification failed. Alexander Nix, CA CEO, oversaw operations until exposure. Whistleblower Ignites Global Firestorm Christopher Wylie, a Cambridge Analytica insider, revealed details to The Guardian and The New York Times on March 17, 2018. Facebook suspended CA that day. Mark Zuckerberg testified before Congress in April 2018, defending platform policies amid #DeleteFacebook backlash. CA filed for bankruptcy in May 2018. The scandal erased over $100 billion from Facebook’s market value. Regulators pounced: FTC fined Facebook $5 billion in July 2019, UK ICO added £500,000 in October 2019. Settlements and Lasting Regulatory Hammer Meta paid $725 million in a December 2022 class-action settlement. Facebook settled another lawsuit in August 2022 for an undisclosed sum. The FTC imposed a 20-year oversight order on Meta, mandating audits and data protections. Kogan and Nix faced deletion orders. Post-2018, Facebook restricted APIs, added inactivity cutoffs, and enhanced developer scrutiny. Zuckerberg promised trust reforms. These changes rippled industry-wide toward consent-based policies. https://twitter.com/realDonaldTrump/status/9876543210987654321 Permissionless Access Erodes Trust and Sparks Reforms Stakeholders clashed: Facebook called it misuse, not breach, citing consented API use. CA claimed only 30 million profiles; Facebook verified 87 million. Regulators and media drove accountability. Impacts hit users with privacy violations and voters with integrity doubts, though Brexit role proved limited. Common sense demands explicit consent over loopholes—aligning with conservative values of individual rights and limited government overreach in private data. Tech shifted to stricter audits, fueling GDPR-like laws. Distrust lingers, reminding us platforms prioritize profits until forced otherwise. Sources: https://www.huntress.com/threat-library/data-breach/cambridge-facebook-scandal-data-breach https://bipartisanpolicy.org/article/cambridge-analytica-controversy/ https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal http://privacyinternational.org/taxonomy/term/605