Facebook, Cambridge Analytica, and Sri Lanka. Nobody cares but we really should.


It happened. Mark Zuckerberg  – CEO of Facebook gave his grey hoodies and black t-shirts a rest last week. A suit-clad Zuckerberg appeared before the US Senate Judiciary and Commerce Committee on 10th and 11th April to answer some questions about Cambridge Analytica. The 5 hours of questioning that followed, has been compared to explaining the internet to old people.

Mark Zuckerberg addressing the senate following Cambridge Analytica
Mark Zuckerberg addressing the Senate

“Senator, we run ads” laced with detectable levels of sass, was a response directed at Senator Orrin Hatch. His question was how Zuckerberg managed to keep Facebook free. While the internet has gone to town with sticking the quote on any stick-able surface, those of us reading between the lines saw more. Here we explore why Facebook is in a soup these days and what it means for Sri Lanka.

Why is Facebook In Trouble?

Zuckerberg had to make a congressional appearance because it came to light that Cambridge Analytica had been leeching-off information from Facebook. Unfortunately, this is the abridged version. Suspecting that Google search terms had been modified to suit a certain political persuasion, journalist Carole Cadwalladr unearthed a whole pattern. A detailed account of who bought the story and who avoided it (spoiler it was Zuckerberg) can be found here.

Zuckerberg facing the Senate regarding Cambridge Analytica (Image credits: Reuters/Leah Millis)
Zuckerberg facing the Senate regarding Cambridge Analytica (Image credits: Reuters/Leah Millis)

At the time (early 2017,) it was believed that around 50 million Facebook users’ information, mainly from the US was given to Cambridge Analytica. Zuckerberg was silent on the matter. Reportedly when he did comment, he made it seem like a glitch on Facebook’s end. In any case, many authors speculate that his earlier message records claiming he has access to information about ‘anyone in Harvard’ slightly mars any current apology. The damage they believe is done.

Today we know that over 87 million people have been affected. The sketchy part is, even before the Observer published Cadwalladr’s findings, Adams reports Facebook tried to legally contest it. Even if Facebook could have proved their inculpability in a court, there was definitely something they didn’t want their users to find out.

Who Is Cambridge Analytica?

One of the key points that keep cropping-up is how Facebook’s actions have hampered the workings of a democracy. This is because the data analytics firm Cambridge Analytica is found to have influenced the US’s presidential elections and the UK’s Brexit referendum among other allegations. In a chilling revelation, Christopher Wylie who was the brains behind Cambridge Analytica’s operation shared how the company managed this feat.

Explaining how former White House Chief Strategist Steve Bannon wanted “cultural weapons” to ensure Trump’s victory, Wylie says Cambridge Analytica gave him just that. Prior to his White House posting and falling out with Trump, Bannon is noted to have taken an advisory role in the former’s presidential campaign.

Combining a communications/marketing strategy called micro-targeting with phycological constructs, Wylie says the pitch to Bannon was that each voter would be targeted as a personality and not simply a voter. “In order to scale that, we would then be collecting a lot of data on people.” This data was obtained both with their knowledge and without, through Facebook. Having started trials in 2014, he says only a few hundred thousand people needed to have consented for their data to be shared with a third party on Facebook. Cambridge Analytica had access to their friend networks as well.

Attempting to influence swing voters in both of these pivotal elections, Wylie admits that Cambridge Analytica “whispered” tailored content in voter’s ear. “It’s wrong,” he says for us to think of Cambridge Analytica as only a data-analytics company. After gathering information on what type of post is bound to get a reaction from a Facebook user, such content was manufactured by videographers and writers on Cambridge Analytica’s commission.

Is this different from marketing or political campaigning?
Is this different from marketing or political campaigning?

But how is this different from usual marketing? Or political campaigning? You could walk down the road with your eyes closed if you feel consent is prerequisite to be exposed to election campaigns. One only needs to step-out during election season at home, to see certain blue, red, and green posters layered over each other, vying for visibility.

Commentators like Kavanagh have pointed-out that there was no “hacking” involved. Information was gathered through an app that requested consent. He goes on to say that Facebook had an option that allowed developers access to not just a consenting user, but their friends’ information as well. Other marketing companies exploited this access, and AI has been long prophesied to be the future so what’s all the fuss about?

Why Are Their Methods Problematic?

If you think Cambridge Analytica’s work is the scary bit, you’ve missed this thriller’s plot. According to Wylie, before any of the media reported on the matter, UK and US authorities had asked that the harvested information be deleted in 2016. He says Facebook failed to follow-up on the matter. When they did, they required a very flimsy bit of proof that he had complied.

Although he wasn’t sure if Cambridge Analytica had a glance at them, Wylie confirmed that Facebook’s messaging service was within reach. This is why Senator Brian Schatz’ question on whether “e-mails” from the Facebook-owned application, WhatsApp could trigger ads while ill-phrased, but a pertinent one. Zuckerberg insisted that advertisers couldn’t access private conversations as they were encrypted.

‘Encryption’ here is a powerful word, implying our private conversations are protected behind an impenetrable digital fortress. It’s logical to assume that if something or someone encrypted a message, they have the ability to decrypt it as well.

Allegedly Zuckerberg was expecting tougher questions- yet here’s a list of them he failed to answer. This includes if Facebook employees were working with Cambridge Analytica during the Trump elections. Should this make a difference? At what point does Facebook become liable for serving-up data?

Here’s where Senator Orrin’s seemingly innocent question comes-in with swinging force. “Senator, we run ads” goes down in legal records, that the company’s primary source of income is in selling content. If anything, it shows that Facebook has more to lose from keeping information private.

Going as far as creating shadow profiles of those who don’t use Facebook, indicates how far Facebook’s knowledge pool is. Any developer will admit these are rich pickings for either advertising or covert political espionage.

Did Facebook Do Anything Illegal?

The jury is literally still out on this one. That’s mainly why Zuckerberg was asked to explain himself to Congress.

In the absence of a strong international system to govern data security, it’s up to individual governments to decide to what degree they will uphold the rights to privacy. Even if we can accept that Cambridge Analytica and other analytics-oriented companies are the future of the democratic process, their work is about as ethical as putting pineapple on a pizza. Some people are left with the odd sensation that it’s just not right.

Facebook CEO Mark Zuckerberg awaits to testify (Image credits: Alex Wong/Getty Images)
Facebook CEO Mark Zuckerberg awaits to testify (Image credits: Alex Wong/Getty Images)

This odd sensation is reflected in the disparity in how governments have chosen to protect their citizens’ data. By roasting the Senators and counting awkward moments, the internet is laughing at its last line of defense. Even Zuckerberg agreed that there needed to be strict guidelines rather than rules to handle data in a country-specific manner.

We know that for CEO Zuckerberg’s opinion to materialize Facebook has a lot of groundwork to put in. A day after WIRED published Zuckerberg’s interview promoting a country-specific approach, Singapore’s Select Committee hearing showed us how ready Facebook was to make good on his word. Minister of Law, K Shanmugam schooled Facebook’s regional Vice President Public Policy- Simon Milner for dodging questions he felt were ‘irrelevant.’

If the Social Media platform is serious about adopting a country-specific approach, governments will need to know that Facebook can be trusted. This means Facebook might be required to take on different levels of accountability across the globe. What constitutes a breach of cyber norms and the consequences will be up to the country to decide. Academics in Singapore are pushing for cross-national collaborations to hold a variety of parties accountable for cyber breaches within its borders.

Certain countries might even readily harmonize their laws and efforts with whistleblower Snowden’s allegations that Facebook is no different from a surveillance company. As recommended with any other spyware company, governments could start with demanding that Facebook publishes its practices and procedures of concern, not only in terms of user privacy but its partners and clients as well. But this should also extend to Google, Apple, Amazon, and other companies that collect large quantities of personal data.

And surprisingly, Facebook has recently announced that it will be bound by the EU’s General Data Protection Regulations (GDPR,) once the rules come into effect on 25 May. This is hardly news since citizens of the EU have been known to have a higher level of data protection, even if that data is to be stored outside the EU’s borders.

Facebook has promised to rollout GDPR protections globally (Image credits: Hackernoon)
Facebook has promised to rollout GDPR protections globally (Image credits: Hackernoon)

Interestingly, Facebook has also claimed that it will extend this protection to citizens of states outside the EU as well. So maybe Zuckerberg’s country-specific approach is still not very country-specific after all. Even if someone in Sri Lanka was to find Facebook breaching the GDPR, it’s not clear how such a claim can be legally actionable in local courts. In any case, we predict the era of trusting Facebook to volunteer the truth to governments and their users is behind us.

Is My Facebook Safe in Sri Lanka?

To be honest, not many people care about your private information. If they did, they don’t need to consult Cambridge Analytica because our government has enough centralized information on everyone. Yes, Everyone. We don’t know who has access to this information, when it is being accessed and how it will be used. In simple terms, we have no data-protection. The ICTA has been promising legal data-protection for a while now, yet nothing has materialized.

At this point, it would be a lot more comforting if our politicians like the Prime Minister did a little more than politely refuse Cambridge Analytica’s help to get votes. Since Facebook has shown some willingness to take a country-specific approach to protection of data, perhaps the bigger task for Lankans is to figure out where we stand.


  1. This has been the topic in Indian TV debate shows in recent days. While on the debate a member of Congress party revealed that, This Cambridge Analytica helped a political family in Sri Lanka on 2015 president campaign.

  2. There is another conspiracy rolling in America that, Mark Zuckerberg is not a human. His appearance looks very suspicious too when addressing the Senate.


Please enter your comment!
Please enter your name here