Facebook says giving Cambridge Analytica info on 50 million people wasn’t a “breach.” It was a feature

Writing for Bloomberg Businessweek, Paul Ford says Facebook’s “not-a-breach” of personal information on 50 millions of its users is just the latest example of why it’s time for a digital protection agency.

Facebook’s recent debacle is illustrative. It turns out that the company let a researcher spider through its social network to gather information on 50 million people. Then the Steve Bannon-affiliated, Robert Mercer-backed U.K. data analysis firm Cambridge Analytica used that data to target likely Trump voters. Facebook responded that, no, this was not a “breach.”

OK, sure, let’s not call it a breach. It’s how things were designed to work. That’s the problem.

How might a digital EPA function? Well, it could do some of the work that individuals do today. For example, the website of Australian security expert Troy Hunt, haveibeenpwned.com (“pwned” is how elite, or “l33t,” hackers, or “hax0rs,” spell “owned”), keeps track of nearly 5 billion hacked accounts. You give it your email, and it tells you if you’ve been found in a data breach. A federal agency could and should do that work, not just one very smart Australian—and it could do even better, because it would have a framework for legally exploring, copying, and dealing with illegally obtained information. Yes, we’d probably have to pay Booz Allen or Accenture or whatever about $120 million to get the same work done that Troy Hunt does on his own, but that’s the nature of government contracting, and we can only change one thing at a time.

Photo of Mark Zuckerberg: JD Lasica, Attribution 2.0 Generic (CC BY 2.0)