What Facebook Privacy? Candidates’ Tough Talk Is Just That

36


Politicians in Washington are fond of ripping into Facebook for its privacy practices. The latest round of excoriation came last week after the company revealed its ambitious plan to create a worldwide cryptocurrency called Libra. “Facebook is already too big and too powerful,” tweeted US senator Sherrod Brown (D-Ohio), “and it has used that power to exploit users’ data without protecting their privacy.”

Senator Josh Hawley (R-Missouri) told Yahoo Finance that he wouldn’t trust Facebook with his money. “I don’t trust Facebook with anything,” he said.

Just one problem: Despite their professed concerns with Facebook, both senators’ campaign websites—sherrodbrown.com and joshhawley.com—have an invisible piece of Facebook technology, called a pixel, that tracks when anyone visits their homepages and shares this information with Facebook. Hawley’s website even shares when visitors donate and the exact donation amount. Facebook can then associate that information with an individual’s Facebook account.

Brown’s office did not respond to a request for comment, and Hawley’s office, when reached by WIRED, did not respond to questions.

Brown and Hawley are hardly alone in sharing their website visitors’ data with Facebook in this manner. Over the past two months, I surveyed the official campaign websites of 535 US politicians. As of June 14, 81 sitting US senators, including Brown and Hawley, have Facebook tracking pixels embedded somewhere on their campaign websites; 31 of them send exact donation amounts. As of last Friday, at least 176 members of the House of Representatives also have the Facebook pixel on their campaign homepages. And almost every 2020 presidential candidate uses this kind of tracker, too, including President Donald Trump.

Hamdan Azhar is a data scientist and journalist based in New York.

And this should be underlined: Facebook’s pixel technology, which is meant to help target Facebook ads to visitors, must be approved by websites on which it operates. These politicians—or at least their campaigns—have actively signed up to allow Facebook to track their visitors.

Why does this matter? Politicians of both parties today claim to care about our privacy, and many of them have positioned themselves as ardent critics of the intrusive role of big tech companies in our lives. Yet, when it comes to their own campaigns, a significant number of them are sharing our web browsing data with Facebook, using computer code buried on their websites. With Facebook having become a core part of the modern political campaign apparatus, can we really trust politicians when they claim that they will be the ones to defend our privacy and protect us from Facebook?

How Facebook Tracks You Across the Web

In recent years, public concern around privacy and Facebook has focused on the data we willingly share with Facebook on its social media platforms—status updates, photos, comments, likes—and how Facebook in turn shares that data with third parties. But Facebook’s tracking of our online behavior is far more widespread, extending to millions of other websites.

One way Facebook does this is with the Facebook pixel, a piece of computer code that a website owner embeds into their site. Whenever you load a website containing a pixel, the pixel immediately sends information back to Facebook, including date, time, URL, and browser type. Facebook can match that data with your Facebook profile.

But a pixel can capture much more information, depending on how it is configured by the website owner, like logging when a visitor adds items to a shopping cart or searches for something. Website owners don’t have access to the raw data generated by the pixel, which is sent directly to Facebook’s servers for temporary storage and processing, but they can use it to run more targeted Facebook ads and measure their effectiveness. For example, an ecommerce company might want to show ads to people who visited its site and left without completing a purchase (this is called retargeting). Or a nonprofit might want to solicit donations from non-donors who have behavioral and demographic characteristics similar to those who have previously donated (using Facebook Lookalike Audiences). Or an elected official might want to measure whether people who see their Facebook ads are more likely to make a campaign donation on their site.

What We Found

  • 81 US senators use Facebook pixels somewhere on their campaign site.

  • 31 senators share exact donation amounts with Facebook.

  • 176 US representatives have Facebook pixels on their campaign homepage.

  • Nearly all 2020 presidential candidates uses Facebook pixels on their campaign sites.

Facebook rolled out its pixel feature to all advertisers in 2013. I first became familiar with pixels—and with digital advertising in general—while working at GraphScience, an advertising technology startup. In 2014, I joined Facebook as a data scientist working on advertising research, a position I held until 2016, when I left to work at a blockchain technology startup. But you don’t need to work at Facebook to study pixels. My analysis here is based solely on publicly available data, and in reporting this piece, I used the publicly available Facebook Pixel Helper Chrome extension to inspect websites for Facebook pixels.

When you sign up for a Facebook account, you agree to having your data collected this way under Facebook’s Terms of Service. But when other websites and apps install tracking technology like the pixel, the company says, “Facebook uses cookies and receives information when you visit those sites and apps … whether or not you have a Facebook account or are logged in.” While Facebook users can control whether the company shows them ads based on this data, and users can also opt out of receiving these ads through the Digital Advertising Alliance’s YourAdChoices program, there is no Facebook privacy setting that turns off tracking altogether. For concerned users, the best option might be a more privacy-focused web browser or VPN.

Of course, Facebook isn’t the only company that is tracking users across the internet. Plenty of web services use similar technology, and for a variety of reasons, like measuring traffic. (WIRED uses a number of trackers on its site, too, including the Facebook pixel.)

Disclosures about such tracking are often buried in websites’ privacy policies, with users having limited ability to genuinely opt out and not be tracked. While internet users can turn on their browser’s “Do not track” settings—which sends a signal to websites saying, well, do not track me—websites don’t have to listen to this request. For example, the privacy policy on President Trump’s campaign website states: “With respect to ‘do not track signals,’ we currently do not take action in response to these signals, but if a standard is established and accepted, we may reassess how to respond to these signals.” The Trump campaign did not respond to WIRED’s request for comment. In May, Hawley introduced to Congress the “Do Not Track Act,” which is precisely an attempt to establish a standard “Do not track” signal and to put the enforcement power of the Federal Trade Commission behind it.

Back to the Politicians

This is why I was so surprised to find the Facebook tracking pixel embedded in Hawley’s website, the same Hawley whose office, in a press release just last month, called him a “top critic of big tech’s data collection practices.” And as I mentioned, Hawley is in good company given that some 80 percent of his Senate colleagues have embedded Facebook tracking pixels somewhere on their campaign websites. (All of the data presented in this analysis is available in this spreadsheet and also on GitHub.)

There was also something of a partisan gap, with 90 percent of Republican senators (47 of 52) having Facebook pixels installed on their websites, compared with 73 percent of Democratic senators (33 of 45). Among the two independent US senators, Bernie Sanders—who did not respond to a request for comment—has a pixel on his website, while Angus King does not.

I also attempted to make the minimum possible donation on each of the senators’ campaign websites (usually $1). Among the 96 US senators to whom I was able to donate, 61 had embedded Facebook pixels on their donation confirmation pages.

This means that when Facebook user Becky makes a donation on Hawley’s campaign website, the Facebook pixel there immediately and automatically shares with Facebook’s servers that a user matching Becky’s profile has made a donation. Digging deeper, 31 US senators, including Hawley, had configured the pixels on their donation confirmation pages to include the exact donation amount in the data they sent back to Facebook.

Senators are not alone in their embrace of Facebook pixels. Among the 425 sitting US representatives whose campaign websites I was able to locate, I discovered Facebook pixels on 176 of those sites’ homepages, or 41.4 percent. (Two seats are currently vacant, and I could not find campaign websites for eight other members.)

I also examined the official campaign websites of 2020 presidential candidates, including President Trump as well as the 20 Democratic candidates just approved by the Democratic National Committee to participate in the first debate scheduled for later this week.

President Trump’s campaign website has Facebook pixels on its homepage and also shares exact donation amounts with Facebook. Among the 20 Democratic candidates, 19 have a Facebook pixel either on their homepage or on their donation confirmation page. The sole exception is former HUD secretary Julian Castro: Although he doesn’t have Facebook pixels on his home page or his donation confirmation page, he does have them elsewhere, including on his email list sign-up form and on his store. Thirteen of the 20 Democratic candidates share exact donation amounts with Facebook.

Many of these politicians often speak critically of Facebook in public, but, buried in invisible lines of computer code, they are engaging in widespread sharing of their constituents’ data.

While she was still a member of the House last year, for example, Senator Marsha Blackburn (R-Tennessee) compared Facebook to the Truman Show, “where people’s identities and relationships are made available to people that they don’t know, and then that data is crunched and it is used, and they are fully unaware of this.” Her campaign website has a Facebook pixel on both the homepage and the donation confirmation page. Democratic senator Ron Wyden of Oregon is another outspoken Facebook critic and has called for the FTC to hold CEO Mark Zuckerberg personally responsible for privacy violations. Wyden, too, has a Facebook pixel on his campaign homepage. Neither senator responded to WIRED’s request for comment.

Federal political committees do need to collect certain information from donors in order to comply with campaign finance laws, including the names, addresses, and occupations for individuals who contribute more than $200 in an election cycle. That information gets publicly disclosed in reports submitted to the Federal Election Commission. But the use of that information is also regulated by the government, which says that it “shall not be sold or used by any person for the purpose of soliciting contributions or for any commercial purpose.”

Those regulations don’t apply to data collected by Facebook. The use of that data is instead governed by the company’s own policies. Pixels fall under its so-called Business Tools terms, which says Facebook won’t share that data with third parties without permission, unless the company is required to do so by law. Facebook also says it does not use pixel data to place Facebook users into interest segments that other advertisers can choose to target. The company requires anyone using a pixel to provide “clear and prominent notice” of its data collection and sharing on the site.

There is also something concerning about a private company having detailed browsing records for hundreds of thousands or even millions of people—a concern that lawmakers have expressed repeatedly. In testimony before Congress last year, Mark Zuckerberg tried to reassure them. “On Facebook, you have control over your information. The content that you share, you put there. You can take it down at any time,” he said. “The information that we collect you can choose to have us not collect. You can delete any of it.”

The CEO clarified later in the hearing that web browsing history is treated a bit differently. “Web logs are not in Download Your Information,’” Zuckerberg said. “We only store them temporarily. And we convert the web logs into a set of ad interests that you might be interested in those ads, and we put that in the Download Your Information instead.” Facebook also says it de-identifies pixel data after an initial period of time.

Shortly after those hearings, Facebook announced a stillforthcoming Clear History tool that will enable users to delete Facebook’s record of their browsing history. But as of now, there seems to be limited independent oversight of Facebook’s ability to store pixel data and use it however it pleases.

Facebook has become a core part of the modern campaign apparatus for politicians who use the social networking site to broadcast their messaging, solicit donations, announce events, recruit volunteers, and more. Politicians also spend heavily on Facebook advertising. The advertising analysis and consulting firm Borrell Associates estimated that $1.4 billion was spent on political digital advertising in 2016, and it projected that number to hit $3.3 billion in 2020.

Moreover, politicians’ sharing of this data with Facebook is purely elective and is not “necessary for the operation of the website, service, or application,” which is the primary exception included in Hawley’s proposed Do Not Track Act. Rather, this sharing is for the sake of optimizing targeted advertising so that these politicians can increase their reach, raise more money, and ideally win more votes—with seemingly little regard to implications for their constituents’ privacy.

If we cannot trust our elected officials to protect data their constituents provide to them on their own websites, how can we trust them to protect the data of hundreds of millions of Americans on the most widely used platforms in the world?


HAMDAN AZHAR is a data scientist and journalist based in New York. From 2014 to 2016, he was a data scientist working on advertising research at Facebook. The contents of this article are based solely on publicly available information.


More Great WIRED Stories





Source link